Automata provide a decision procedure for Presburger arithmetic. However, until now only crude lower and upper bounds were known on the sizes of the automata produced by this approach. In this paper, we prove an upper bound on the number of states of the minimal deterministic automaton for a Presburger arithmetic formula. This bound depends on the length of the formula and the quantifiers occurring in the formula. The upper bound is established by comparing the automata for Presburger arithmetic formulas with the formulas produced by a quantifier elimination method. We also show that our bound is tight, even for nondeterministic automata. Moreover, we provide optimal automata constructions for linear equations and inequations.
1. INTRODUCTION

Presburger arithmetic (PA) is the first-order theory with addition and the ordering relation over the integers. A number of decision problems can be expressed in it, such as solvability of systems of linear Diophantine equations, integer programming, and various problems in system verification. The decidability of PA was established around 1930 independently by Presburger [1930; 1984] and Skolem [1931; 1970] using the method of quantifier elimination.

Due to the applicability of PA in various domains, its complexity and the complexity of decision problems for fragments of it have been investigated intensively. For example, Fischer and Rabin [1974; 1998] gave a double exponential nondeterministic time lower bound on any decision procedure for PA. Later, Berman [1980] showed that the decision problem for PA is complete in the complexity class LATIME($2^{2^{O(n)}}$), i.e., the class of problems solvable by alternating Turing machines in time $2^{2^{O(n)}}$ with a linear number of alternations. The upper bound for PA is established by a result from Ferrante and Rackoff [1979] showing that quantified variables need only range over a restricted finite domain of integers. Grädel [1988] and Schöning [1997] investigated the complexity of decision problems of fragments of PA.

The complexity of different decision procedures for PA has also been studied, e.g., in [Oppen 1978; Reddy and Loveland 1978; Ferrante and Rackoff 1975; 1979]. For instance, Oppen [1978] showed that Cooper's quantifier elimination decision procedure for PA [Cooper 1972] has a triple exponential worst case complexity in deterministic time. Reddy and Loveland [1978] improved Cooper's quantifier elimination and used it for obtaining space and deterministic time upper bounds for checking the satisfiability of PA formulas in which the number of quantifier alternations is bounded.

Another approach for deciding PA or fragments of it that has recently become popular is to use automata; a point that was already made by Büchi [1960]. The idea is simple: Integers are represented as words, e.g., using the 2's complement representation, and the word automaton (WA) for a formula accepts precisely the words that represent the integers making the formula true. The WA can be recursively constructed from the formula, where automata constructions handle the logical connectives and quantifiers. This automata-based approach for PA led to deep theoretical insights, e.g., the languages that are regular in any base are exactly the sets definable in PA [Cobham 1969; Semenov 1977; Bruyère et al. 1994]. More recently, the use of automata has been proposed for mechanizing decision procedures for PA and for manipulating sets definable in PA [Boudet and Comon 1996; Wolper and Boigelot 1995]. Roughly speaking, this applied use of WAs for PA is similar to the use of binary decision diagrams (BDDs) for propositional logic. For example, the automata library LASH [LASH] provides tool support for manipulating PA-definable sets using automata to represent these sets, and it has been successfully used to verify systems with variables ranging over the integers. Other model checkers that use WAs for computing the potentially infinite sets of reachable states of systems with integer variables are, e.g., FAST [Bardin et al. 2003] and ALV [Yavuz-Kahveci et al. 2005].

A crude complexity analysis of automata-based decision procedures for PA leads to a non-elementary worst case complexity. Namely, for every quantifier alternation there is a potential exponential blow-up. However, experimental comparisons [Shiple et al. 1998; Bartzis and Bultan 2003; Ganesh et al. 2002] illustrate that automata-based decision procedures for PA often perform well in comparison with other methods. In [Boudet and Comon 1996], the authors claimed that the minimal deterministic WA for a PA formula has at most a triple exponential number of states in the length of the formula. Unfortunately, as explained by Wolper and Boigelot [2000], the argument used in [Boudet and Comon 1996] to substantiate this claim is incorrect. Wolper and Boigelot [2000] gave an argument why there must be an elementary upper bound on the size of the minimal deterministic WA for a PA formula. However, their argumentation is rather sketchy and only indicates that there has to be an elementary upper bound.
In this paper, we rigorously prove an upper bound on the size of the minimal deterministic WA for PA formulas and thus answer a long open question. Namely, for a PA formula in prenex normal form, we show that the minimal deterministic WA has at most 2" <b+1) states, where n is the formula length, a is the number of quantifier alternations, and b is the maximal length of the quantifier blocks. A similar upper bound holds for arbitrary PA formulas. This bound on the automata size for PA contrasts with the upper bound on the automata size for the monadic second-order logic WS1S, or even WS1S with the ordering relation "<" as a primitive but without quantification over monadic second-order variables. There, the number of states of the minimal WA for a formula can be non-elementarily larger than the formula's length [Stockmeyer 1974; Reinhardt 2002]. In order to establish the upper bound on the automata size for PA, we give a detailed analysis of the deterministic WAs for formulas by comparing the constructed WAs with the quantifier-free formulas produced by using Reddy and Loveland's quantifier elimination method. From this analysis, we obtain the upper bound on the size of the minimal deterministic WA for PA formulas.

We also show that the upper bound on the size of deterministic WAs for formulas 
is tight. In fact, we show a stronger result. Namely, we give a family of Presburger 
arithmetic formulas for which even a nondeterministic WA must have at least triple 
exponentially many states. 

Furthermore, we investigate the automata constructed from atomic formulas. Specific algorithms for constructing WAs for linear (in)equations have been developed in [Boudet and Comon 1996; Boigelot 1999; Wolper and Boigelot 2000; Bartzis and Bultan 2003; Ganesh et al. 2002]. We give upper and lower bounds on the automata size for linear (in)equations and we improve the automata constructions in [Boigelot 1999; Wolper and Boigelot 2000; Ganesh et al. 2002] for linear (in)equations. We prove that our automata constructions are optimal in the sense that the constructed deterministic WAs are minimal.

We proceed as follows. In §2, we give background. In §3, we investigate the 
WAs for quantifier-free formulas. In §4, we prove the upper bound on the size of 
the minimal deterministic WA for PA formulas and in §5, we give a worst case 
example. Finally, in §6, we draw conclusions. 

2. PRELIMINARIES 

2.1 Presburger Arithmetic 

Presburger arithmetic (PA) is the first-order logic over the structure $\mathfrak{Z} := (\mathbb{Z}, <, +)$. We use standard notation. For instance, we write $\mathfrak{Z} \models \varphi[a_1, \dots, a_r]$ for a formula $\varphi(x_1, \dots, x_r)$ and $a_1, \dots, a_r \in \mathbb{Z}$ if $\varphi$ is true in $\mathfrak{Z}$ when the variable $x_i$ is interpreted as the integer $a_i$, for $1 \le i \le r$. Analogously, $t[a_1, \dots, a_r]$ denotes the integer obtained when the $x_i$s are interpreted as the $a_i$s in the term $t(x_1, \dots, x_r)$. For a formula $\varphi(x_1, \dots, x_r)$, we define $[\![\varphi]\!] := \{(a_1, \dots, a_r) \in \mathbb{Z}^r : \mathfrak{Z} \models \varphi[a_1, \dots, a_r]\}$.

2.1.1 Extended Logical Language. We extend the logical language of PA by (i) constants for the integers 0 and 1, (ii) the unary operation "$-$" for integer negation, and (iii) the unary predicates "$d\,|$" for the relation "divisible by $d$", for each $d \ge 2$. These constructs are definable in PA, e.g., the formula $\exists x(x + \dots + x = t)$ defines $d \,|\, t$, where $x$ occurs $d$ times in the term $x + \dots + x$ and $x$ does not appear in the term $t$. The reason for the extended logical language, where (i), (ii), and (iii) are treated as primitives, is that it admits quantifier elimination, i.e., for a formula $\exists x\,\psi(x, y)$, where $\psi$ is quantifier-free, we can construct a logically equivalent quantifier-free formula $\varphi(y)$.

Additionally, we allow the relation symbols $\le$, $\ge$, $>$, and $\ne$ with their standard meanings. In the following, we assume that terms and formulas are defined in terms of the extended logical language for PA. We denote by PA the set of all Presburger arithmetic formulas over the extended logical language and QF denotes the set of quantifier-free formulas.

For convenience, we use standard symbols when writing terms. For instance, $c$ stands for $1 + \dots + 1$ (repeated $c$ times) if $c > 0$, and $-(1 + \dots + 1)$ if $c < 0$. We call the term $c$ a constant and identify the term $c$ with the integer that it represents. Analogously, we write $k \cdot x$ for $x + \dots + x$ (repeated $k$ times) if $k > 0$, and $-(x + \dots + x)$ if $k < 0$. Moreover, if $k = 0$ then $k \cdot x$ abbreviates $x + (-x)$. We say that $k$ is a coefficient. For a term $t$ and $k \in \mathbb{Z}$, $k \cdot t$ denotes the term where the constant and the coefficients in $t$ are multiplied by $k$.

A term $t$ is homogeneous if it is either $0$ or of the form $k_1 \cdot x_1 + \dots + k_r \cdot x_r$, for some $r \ge 1$, where the variables $x_1, \dots, x_r$ are pairwise distinct and $k_1, \dots, k_r \in \mathbb{Z} \setminus \{0\}$. The normalized form of $t_1 \oplus t_2$, with $\oplus \in \{=, \ne, <, \le, >, \ge\}$, is the logically equivalent (in)equation $t \oplus c$, where summands of the form $k \cdot x$ in $t_1$ and $t_2$ are collected on the left-hand side $t$ and constants in $t_1$ and $t_2$ are collected on the right-hand side $c$ according to standard calculation rules. The normalized form of $d \,|\, t$ is the formula $d \,|\, t' + c$, where $c \in \mathbb{Z}$ is the sum of the constants in $t$ and $t'$ is the homogeneous term in which the coefficients of the summands of the form $k \cdot x$ in $t$ are collected. We use $A(\varphi)$ to denote the set of atomic formulas occurring in $\varphi \in$ PA in their normalized forms.

2.1.2 Formula Length. The length of a formula is the number of letters used in writing the formula. Note that the length of a formula depends significantly on how we define the length of coefficients and constants. For instance, $x = 10 \cdot y$ contains 6 letters, namely, $x$, $=$, $1$, $0$, $\cdot$, and $y$. The "expanded version" has $2 + 19$ letters since $10 \cdot y$ abbreviates the term $y + y + y + y + y + y + y + y + y + y$. We use the same definition of the length of a formula as in [Oppen 1978; Fischer and Rabin 1974; Reddy and Loveland 1978]. In particular, the length of a coefficient or constant is the number of letters of the expanded version. However, it is possible to express $k \cdot x$ by a formula of length $O(\log |k|)$. The idea is illustrated by $x = 10 \cdot y$: the formula is logically equivalent to $\exists z(x = z + z \wedge \exists x(z = x + x + y \wedge x = y + y))$. Note that we only need a fixed number of variables for any $k$ (see [Fischer and Rabin 1974]). For the sake of uniformity, we define the length of the formula $d \,|\, t$ as the length of the term $t$ plus $d + 1$. Again, there is a logically equivalent formula of length $O(\log d)$ plus the length of $t$. For the results in this paper it does not matter if we define the length of an integer $k$ as $O(\log |k|)$ or as $O(|k|)$.

2.1.3 Nesting of Quantifiers. It is well known that we obtain coarse complexity bounds for checking satisfiability if we only take into account the formula length. We obtain more precise complexity bounds when we additionally take into account the number of quantifiers and the number of quantifier alternations.

The quantifier number of $\varphi \in$ PA is the number of quantifiers occurring in $\varphi$, i.e.,

$$\mathrm{qn}(\varphi) := \begin{cases} \mathrm{qn}(\psi) & \text{if } \varphi = \neg\psi, \\ \mathrm{qn}(\psi_1) + \mathrm{qn}(\psi_2) & \text{if } \varphi = \psi_1 \odot \psi_2 \text{ with } \odot \in \{\wedge, \vee, \rightarrow, \leftrightarrow\}, \\ 1 + \mathrm{qn}(\psi) & \text{if } \varphi = Qx\psi \text{ with } Q \in \{\exists, \forall\}, \\ 0 & \text{otherwise.} \end{cases}$$

For a quantifier $Q \in \{\exists, \forall\}$, $\overline{Q}$ denotes its dual, i.e., $\overline{Q} := \forall$ if $Q = \exists$, and $\overline{Q} := \exists$ if $Q = \forall$. The number of quantifier alternations of $\varphi \in$ PA is

$$\mathrm{qa}(\varphi) := \min\{\mathrm{qa}_\exists(\varphi), \mathrm{qa}_\forall(\varphi)\},$$

where

$$\mathrm{qa}_Q(\varphi) := \begin{cases} \mathrm{qa}_{\overline{Q}}(\psi) & \text{if } \varphi = \neg\psi, \\ \max\{\mathrm{qa}_Q(\psi_1), \mathrm{qa}_Q(\psi_2)\} & \text{if } \varphi = \psi_1 \odot \psi_2 \text{ with } \odot \in \{\vee, \wedge\}, \\ \mathrm{qa}_Q(\neg\psi_1 \vee \psi_2) & \text{if } \varphi = \psi_1 \rightarrow \psi_2, \\ \mathrm{qa}_Q((\psi_1 \rightarrow \psi_2) \wedge (\psi_2 \rightarrow \psi_1)) & \text{if } \varphi = \psi_1 \leftrightarrow \psi_2, \\ 1 + \mathrm{qa}_{\overline{Q}}(\psi) & \text{if } \varphi = \overline{Q}x\psi, \\ \max\{1, \mathrm{qa}_Q(\psi)\} & \text{if } \varphi = Qx\psi, \\ 0 & \text{otherwise,} \end{cases}$$

for $Q \in \{\exists, \forall\}$.

2.2 Automata over Finite Words 

The set of all words over an alphabet $\Sigma$ is denoted by $\Sigma^*$, $\Sigma^+$ denotes the set of all non-empty words over $\Sigma$, and $\lambda$ denotes the empty word. The length of the word $w \in \Sigma^*$ is denoted by $|w|$.

A deterministic word automaton (DWA) is a tuple $\mathcal{A} = (Q, \Sigma, \delta, q_I, F)$, where $Q$ is a finite set of states, $\Sigma$ is a finite alphabet, $\delta : Q \times \Sigma \to Q$ is the transition function, $q_I \in Q$ is the initial state, and $F \subseteq Q$ is the set of accepting states. The size of $\mathcal{A}$ is the cardinality of $Q$. The language of $\mathcal{A}$ is $L(\mathcal{A}) := \{w \in \Sigma^* : \delta(q_I, w) \in F\}$, where $\delta(q, \lambda) := q$ and $\delta(q, wb) := \delta(\delta(q, w), b)$, for $q \in Q$, $b \in \Sigma$, and $w \in \Sigma^*$. A state $q \in Q$ is reachable from $p \in Q$ if there is a word $w \in \Sigma^*$ such that $\delta(p, w) = q$.

Let $\mathcal{A} = (Q, \Sigma, \delta, q_I, F)$ be a DWA, where we assume that every state is reachable from $q_I$. Note that the states that are not reachable from $q_I$ have no effect on the language of the DWA and can be eliminated. The states $p, q \in Q$ are equivalent, $p \sim_{\mathcal{A}} q$ for short, if for all $w \in \Sigma^*$, we have that $\delta(p, w) \in F$ iff $\delta(q, w) \in F$. We omit the subscript in the relation $\sim_{\mathcal{A}}$ if $\mathcal{A}$ is clear from the context. Note that $\sim\ \subseteq Q \times Q$ is an equivalence relation. We denote the equivalence class of $q \in Q$ by $\bar{q}$. Since we assume that all states are reachable from $q_I$, the states $p, q \in Q$ can be merged iff $p \sim q$. We obtain the DWA $\bar{\mathcal{A}} := (\{\bar{q} : q \in Q\}, \Sigma, \bar{\delta}, \bar{q}_I, \{\bar{q} : q \in F\})$ with $\bar{\delta}(\bar{q}, b) := \overline{\delta(q, b)}$, for $q \in Q$ and $b \in \Sigma$. We have that $L(\bar{\mathcal{A}}) = L(\mathcal{A})$ and $\bar{\mathcal{A}}$ is minimal, i.e., for every DWA $\mathcal{B}$ with $L(\mathcal{B}) = L(\mathcal{A})$, either $\mathcal{B}$ has more states than $\bar{\mathcal{A}}$ or $\mathcal{B}$ is isomorphic to $\bar{\mathcal{A}}$.
3. AUTOMATA CONSTRUCTIONS

In this section, we investigate the automata for quantifier-free PA formulas. In §3.1, 
we define how DWAs recognize sets of integers, in §3.2, we provide optimal automata 
constructions for linear (in)equations, in §3.3, we give an automata construction for 
the divisibility relation, and finally, in §3.4, we give an upper bound on the size of 
the minimal DWA for a quantifier-free formula. 

3.1 Representing Sets of Integers with Automata 

We use an idea that goes back at least to Büchi [1960] for using automata to recognize tuples of numbers by mapping words to tuples of numbers. There are many possibilities to represent integers as words. We use an encoding similar to [Boigelot 1999; Wolper and Boigelot 2000], which is based on the $g$'s complement representation of integers, where $g \ge 2$ and the most significant bit is the first digit. For the remainder of the paper, we fix $g \ge 2$ and let $\Sigma$ be the alphabet $\{0, \dots, g-1\}$.

Definition 3.1. For $b_{n-1} \dots b_0 \in \Sigma^*$, we define $\langle b_{n-1} \dots b_0 \rangle_{\mathbb{N}} := \sum_{0 \le i < n} b_i g^i$. We generalize this encoding to integers as follows. For $b_n b_{n-1} \dots b_0 \in \Sigma^+$, we define

$$\langle b_n b_{n-1} \dots b_0 \rangle_{\mathbb{Z}} := \begin{cases} \langle b_{n-1} \dots b_0 \rangle_{\mathbb{N}} & \text{if } b_n = 0, \\ -g^n + \langle b_{n-1} \dots b_0 \rangle_{\mathbb{N}} & \text{otherwise.} \end{cases}$$

We call the first letter $b_n$ the sign letter, since it determines whether the word represents a positive or a negative number.

Note that the empty word $\lambda$ does not represent an integer. This requirement saves us from considering some special cases in §3.2.2 and §3.2.3, where we optimize the automata constructions for (in)equations. However, for the natural numbers, it holds that $\langle \lambda \rangle_{\mathbb{N}} = 0$. Furthermore, note that the encoding of an integer is not unique. First, we have that $\langle bu \rangle_{\mathbb{Z}} = \langle bcu \rangle_{\mathbb{Z}}$, where $b, c \in \Sigma$ and $u \in \Sigma^*$ with $c = 0$ if $b = 0$ and $c = g - 1$, otherwise. Second, it holds that $\langle bu \rangle_{\mathbb{Z}} = \langle b'u \rangle_{\mathbb{Z}}$, for all $u \in \Sigma^*$ and $b, b' \in \Sigma \setminus \{0\}$, i.e., the sign letter $b \ne 0$ can be replaced by any other letter $b' \ne 0$. The motivation for allowing any letter to be the sign letter is that we do not have to deal with words in $\Sigma^+$ that do not represent an integer. This eliminates case distinctions in the automata constructions in the next subsections.

We extend the encoding to tuples of natural numbers and integers as follows: A word $w := b_{n-1} \dots b_0 \in (\Sigma^r)^*$ represents the tuple $\bar{a} := (a_1, \dots, a_r) \in \mathbb{N}^r$ of natural numbers, where the $i$th "track" of the word $w$ encodes the natural number $a_i$. That is, for all $1 \le i \le r$, we have that $a_i = \langle b_{n-1,i} \dots b_{0,i} \rangle_{\mathbb{N}}$, where $b_j = (b_{j,1}, \dots, b_{j,r})$ for $0 \le j < n$. The encoding of an integer tuple $\bar{z} = (z_1, \dots, z_r) \in \mathbb{Z}^r$ is defined analogously for a word $w = b_n b_{n-1} \dots b_0 \in (\Sigma^r)^+$. The first letter $b_n$ of $w$ is the sign letter since it determines the signs of the integers $z_1, \dots, z_r$. We define $\sigma(b_n) := (c_1, \dots, c_r)$, where $c_i = 0$ if the $i$th coordinate of $b_n$ is $0$ and $c_i = -1$, otherwise, for each $1 \le i \le r$. We abuse notation and write $\langle w \rangle_{\mathbb{N}}$ to denote the tuple $\bar{a} \in \mathbb{N}^r$ and $\langle w \rangle_{\mathbb{Z}}$ to denote the integer tuple $\bar{z}$.

Moreover, we write $\langle\!\langle \bar{a} \rangle\!\rangle_{\mathbb{N}}$ for the shortest word in $(\Sigma^r)^*$ that represents $\bar{a} \in \mathbb{N}^r$. Note that $\langle\!\langle \bar{a} \rangle\!\rangle_{\mathbb{N}}$ is well-defined since (1) there is a word $w \in (\Sigma^r)^*$ with $\langle w \rangle_{\mathbb{N}} = \bar{a}$, and (2) if $\langle v \rangle_{\mathbb{N}} = \langle v' \rangle_{\mathbb{N}}$ for $v, v' \in (\Sigma^r)^*$, then $v$ and $v'$ have a common suffix $u \in (\Sigma^r)^*$ with $\langle u \rangle_{\mathbb{N}} = \langle v \rangle_{\mathbb{N}}$. Similar to $\langle\!\langle \bar{a} \rangle\!\rangle_{\mathbb{N}}$ for $\bar{a} \in \mathbb{N}^r$, we define $\langle\!\langle \bar{z} \rangle\!\rangle_{\mathbb{Z}}$, for $\bar{z} \in \mathbb{Z}^r$, as the shortest word $w \in (\Sigma^r)^+$ with $\bar{z} = \langle w \rangle_{\mathbb{Z}}$ and the first letter of $w$ is in $\{0, g-1\}^r$.

Fig. 1. DWA over the alphabet {0, 1}^2 representing the set {(x, y) ∈ Z^2 : y = 2x}.

Definition 3.2. Let $U \subseteq \mathbb{Z}^r$. The language $L \subseteq (\Sigma^r)^*$ represents $U$ if $L = \{w \in (\Sigma^r)^+ : \langle w \rangle_{\mathbb{Z}} \in U\}$. A DWA $\mathcal{A}$ represents $U$ if $L(\mathcal{A})$ represents $U$.

Note that by this definition not every language over $\Sigma^r$ represents a set of tuples of integers, and not every DWA with alphabet $\Sigma^r$ represents a subset of $\mathbb{Z}^r$.

Example 3.3. The set of pairs (x, y) G Z 2 where y equals 2x is represented by 
the DWA depicted in Figure 1 by using the base g = 2 for representing integers as 
words, i. e., the alphabet of the DWA is {0, l} 2 . In the figure, we use abbreviations 
like (0,-) to denote the letters (0,0) and (0, 1). 

3.2 Linear Equations and Inequations 

In this subsection, we first recall the automata constructions given in [Boigelot et al. 1998; Boigelot 1999; Wolper and Boigelot 2000; Ganesh et al. 2002] for linear (in)equations. Then, we improve these constructions such that they are optimal, i.e., the constructed DWAs are minimal. Assume that the (in)equation $t \oplus c$ is given in normalized form, i.e., $t(x_1, \dots, x_r)$ is a homogeneous term, $\oplus \in \{=, \ne, <, \le, >, \ge\}$, and $c \in \mathbb{Z}$.

First, we make the following observation for a word $u \in (\Sigma^r)^*$ and $b \in \Sigma^r$. If $u \ne \lambda$ then $\langle ub \rangle_{\mathbb{Z}} = g\langle u \rangle_{\mathbb{Z}} + b$. For $u = \lambda$, we have that $\langle b \rangle_{\mathbb{Z}} = \sigma(b)$. Given this, it is relatively straightforward to obtain an analog of a DWA with infinitely many states for $t \oplus c$. The set of states is $\{q_I\} \cup \mathbb{Z}$, where $q_I$ is the initial state. Note that we identify integers with states. The idea is to keep track of the value of $t$ as successive letters are read. Thus, except for the special initial state, a state in $\mathbb{Z}$ represents the current value of $t$. Lemma 3.4 below justifies this intuition. The transition function $\eta : (\{q_I\} \cup \mathbb{Z}) \times \Sigma^r \to (\{q_I\} \cup \mathbb{Z})$ is defined as follows for a letter $b \in \Sigma^r$. For the initial state, we define $\eta(q_I, b) := t[\sigma(b)]$. For $q \in \mathbb{Z}$, we define $\eta(q, b) := gq + t[b]$.

Lemma 3.4. For $u \in (\Sigma^r)^*$ of length $n \ge 0$ we have that

(a) $\eta(q, u) = g^n q + t[\langle u \rangle_{\mathbb{N}}]$, for $q \in \mathbb{Z}$, and

(b) $\eta(q_I, bu) = t[\langle bu \rangle_{\mathbb{Z}}]$, for $b \in \Sigma^r$.

PROOF. (a) is easily proved by induction over $n$, and (b) follows from (a) and the definition of $\eta$. □
Later we make use of the following lemma, which translates the question whether $q \in \mathbb{Z}$ is reachable from $p \in \mathbb{Z}$ via $\eta$ to a number-theoretic problem.

Lemma 3.5. Let $p, q \in \mathbb{Z}$. There are $N, a_1, \dots, a_r \ge 0$ such that $N \ge \lceil \log_g(1 + \max\{a_1, \dots, a_r\}) \rceil$ and $g^N p + t[a_1, \dots, a_r] = q$ iff there is a word $w \in (\Sigma^r)^*$ such that $\eta(p, w) = q$.

PROOF. ($\Rightarrow$) Assume that $\langle\!\langle (a_1, \dots, a_r) \rangle\!\rangle_{\mathbb{N}}$ has length $\ell$. Note that $\ell \le N$. This follows from the fact that for every $a \in \mathbb{N}$, there is a word $u \in \Sigma^*$ of length $\lceil \log_g(1 + a) \rceil$ such that $\langle u \rangle_{\mathbb{N}} = a$. By Lemma 3.4(a), we have that

$$\eta(p, 0^{N-\ell} \langle\!\langle (a_1, \dots, a_r) \rangle\!\rangle_{\mathbb{N}}) = g^N p + t[a_1, \dots, a_r] = q.$$

($\Leftarrow$) Assume that $\eta(p, w) = q$, for some $w \in (\Sigma^r)^*$. Let $N$ be the length of $w$. We have that $N \ge \lceil \log_g(1 + a) \rceil$, where $a$ is the largest number in the tuple $\langle w \rangle_{\mathbb{N}}$. It follows from Lemma 3.4(a) that $\eta(p, w) = g^N p + t[\langle w \rangle_{\mathbb{N}}]$. □

The automata constructions in [Wolper and Boigelot 2000; Ganesh et al. 2002] are based on the observation that the states $q, q' \in \mathbb{Z}$ can be merged if, intuitively speaking, $q$ and $q'$ are both small or both large. Here, the meaning of "small" and "large" depends on the coefficients of $t$ and on the constant $c$. More precisely, we say that $q \in \mathbb{Z}$ is small if $q < \min\{c, -\|t\|_+\}$, and large if $q > \max\{c, \|t\|_-\}$, where

$$\|t\|_- := \sum_{1 \le j \le r,\ k_j < 0} |k_j| \quad\text{and}\quad \|t\|_+ := \sum_{1 \le j \le r,\ k_j > 0} k_j,$$

assuming that $t$ is of the form $k_1 \cdot x_1 + \dots + k_r \cdot x_r$. Note that from a small value we can only obtain smaller values and from a large value we can only obtain larger values by $\eta$, i.e., for all $b \in \Sigma^r$, if $q > \|t\|_-$ then $\eta(q, b) = gq + t[b] > q$, and if $q < -\|t\|_+$ then $\eta(q, b) = gq + t[b] < q$. A difference between the constructions in [Wolper and Boigelot 2000] and [Ganesh et al. 2002] is the bounds that determine the meaning of "small" and "large".

For $m < n$, we define $\mathcal{A}^{t \oplus c}_{(m,n)} := (Q, \Sigma^r, \delta, q_I, F)$, where $Q := \{q_I\} \cup \{q \in \mathbb{Z} : m \le q \le n\}$ and

$$\delta(q, b) := \begin{cases} m & \text{if } \eta(q, b) < m, \\ n & \text{if } \eta(q, b) > n, \\ \eta(q, b) & \text{otherwise,} \end{cases}$$

for $q \in Q$ and $b \in \Sigma^r$. Moreover, let $F := \{q \in Q \cap \mathbb{Z} : q \oplus c\}$.

Lemma 3.6. The DWA $\mathcal{A}^{t \oplus c}_{(m,n)}$ represents $[\![t \oplus c]\!]$ if $m$ is small and $n$ is large. Moreover, $\mathcal{A}^{t \oplus c}_{(m,n)}$ has $2 + n - m$ states.

PROOF. The fact that $\mathcal{A}^{t \oplus c}_{(m,n)}$ represents $[\![t \oplus c]\!]$ follows from Lemma 3.4, and $\mathcal{A}^{t \oplus c}_{(m,n)}$ has $2 + n - m$ states by definition. □

In the following, we optimize the constructions such that the produced DWA for an (in)equation is minimal. Moreover, we give a lower bound on the minimal DWA for an (in)equation. However, these results are not needed for the upper bound on the minimal DWA for a PA formula. In the remainder of this subsection, let $\mathcal{A}^{t \oplus c}_{(m,n)} = (Q, \Sigma^r, \delta, q_I, F)$ for the (in)equation $t \oplus c$ with $m = \max\{q \in \mathbb{Z} : q \text{ is small}\}$ and $n = \min\{q \in \mathbb{Z} : q \text{ is large}\}$. We restrict ourselves to the cases where $\oplus \in \{=, <, >\}$. The cases with $\oplus \in \{\ne, \le, \ge\}$ reduce to the cases for $=$, $<$, $>$ and complementation of DWAs, since $t \ne c$ is logically equivalent to $\neg\, t = c$, $t \le c$ is logically equivalent to $\neg\, t > c$, and $t \ge c$ is logically equivalent to $\neg\, t < c$. Note that complementation of a DWA can be done by flipping accepting and non-accepting states. After complementation we have to make the initial state of the DWA non-accepting since the empty word does not represent any integer tuple. The resulting DWA is minimal iff the original DWA is minimal.

3.2.1 Eliminating Unreachable States. An obvious optimization is to eliminate the states in $Q \cap \mathbb{Z}$ that are not a multiple of the greatest common divisor of the absolute values of the coefficients in the term $t$, since they are not reachable from the initial state $q_I$. We define the greatest common divisor of the term $t(x_1, \dots, x_r)$ as $\gcd(t) := \gcd(|k_1|, \dots, |k_r|)$, where $k_i$ is the coefficient of the variable $x_i$, for $1 \le i \le r$.

Lemma 3.7. The state $q \in Q \cap \mathbb{Z}$ is reachable from the initial state $q_I$ iff $q$ is a multiple of $\gcd(t)$.

PROOF. ($\Rightarrow$) This direction is easy to prove by induction on the length of $w \in (\Sigma^r)^*$ with $\delta(q_I, w) \in \mathbb{Z}$: for all $b \in \Sigma^r$, it holds that (i) $\delta(q_I, b) = t[\sigma(b)]$ is a multiple of $\gcd(t)$, and (ii) if $\delta(q_I, w) \in \mathbb{Z}$ is a multiple of $\gcd(t)$ then $g\delta(q_I, w) + t[b]$ is a multiple of $\gcd(t)$.

($\Leftarrow$) Assume that $q$ is a multiple of $\gcd(t)$. There are $v_1, \dots, v_r \in \mathbb{Z}$ such that $t[v_1, \dots, v_r] = q$. With Lemma 3.4(b) we conclude that $\delta(q_I, \langle\!\langle (v_1, \dots, v_r) \rangle\!\rangle_{\mathbb{Z}}) = t[v_1, \dots, v_r]$. □

Alternatively, instead of filtering out the states $q \in \mathbb{Z}$ that are not a multiple of $\gcd(t)$, we can rewrite the (in)equation $t \oplus c$ to the logically equivalent atomic formula $\alpha$ and then construct the DWA for $\alpha$, where $\alpha$ is defined as

$$\alpha := \begin{cases} t' > \lfloor c / \gcd(t) \rfloor & \text{if } \oplus \text{ is } >, \\ t' = c / \gcd(t) & \text{if } \oplus \text{ is } = \text{ and } c \text{ is a multiple of } \gcd(t), \\ 1 < 0 & \text{otherwise,} \end{cases}$$

where the coefficients in $t'$ are the coefficients of $t$ divided by $\gcd(t)$. In the remainder of this subsection we assume that $\gcd(t) = 1$.

3.2.2 Optimal Construction for Inequations. In the following, we assume that the inequation is of the form $t > c$, with $c \ge 0$. The cases where $\oplus$ is $<$ or $c < 0$ are analogous. The following example illustrates that many states of $\mathcal{A}^{t \oplus c}_{(m,n)}$ can be merged if $c$ is significantly larger than

Example 3.8. The automata construction described above for the inequation $x - y > 32$ produces a DWA with the set of states $Q = \{q_I, -2, -1, 0, \dots, 32, 33\}$; but the minimal DWA (see Figure 2) for $x - y > 32$ has only 13 states when we choose the base $g = 2$.

10 • Felix Klaedtke

Fig. 2. Minimal DWA over the alphabet {0, 1}^2 for the inequation x − y > 32.

The reason for this gap is that several states can be merged. First, we merge the states $-2$ and $-1$ since from both states only non-accepting states are reachable. Second, we can merge the states in $Q' := \{q \in Q \cap \mathbb{Z} : 2q + a - b > c, \text{ for all } a, b \in \{0, 1\}\} = \{17, \dots, 32\}$ to a single state since all states in $Q'$ are non-accepting and all their transitions go to state $33$. The state $16$ cannot be merged with any other state since if we read the letter $(1, 0)$, we end up in the accepting state $33$, and if we read the letters $(0, 0)$, $(1, 1)$, or $(0, 1)$ we end up in the non-accepting states $32$ or $31$. The states in $\{9, \dots, 15\}$ can again be merged to a single state since with every transition we reach a state in $Q'$. Analogously, we can merge the states in $\{5, 6, 7\}$.
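The construction $\mathcal{A}^{t \oplus c}_{(m,n)}$ of Lemma 3.6 and the state counts of Example 3.8, as an added example that is not part of the paper (my own Python, not the author's code): it builds the DWA from the coefficients of the normalized term $t$, checks by brute force over all short words that the DWA represents $[\![t \oplus c]\!]$ under the encoding of Definition 3.1, and computes the size of the minimal DWA by Moore's partition refinement. Function names, the tuple layout of the automaton and the word-length bound in `represents` are my choices.

```python
# Added example (not the paper's code): the DWA A^{t⊕c}_{(m,n)} of Lemma 3.6, the
# g's complement encoding of Definition 3.1, a brute-force representation check,
# and Moore minimization reproducing Example 3.8 (37 states before, 13 after).
from itertools import product
import operator

REL = {"=": operator.eq, "<": operator.lt, ">": operator.gt}


def sigma(b):
    """Sign-letter interpretation sigma(b): a 0 coordinate stays 0, any other digit is -1."""
    return tuple(0 if d == 0 else -1 for d in b)


def evaluate(coeffs, vals):
    """t[vals] for the homogeneous term t = k_1*x_1 + ... + k_r*x_r with coefficients coeffs."""
    return sum(k * v for k, v in zip(coeffs, vals))


def norms(coeffs):
    """Return (||t||_-, ||t||_+): sums of |k_j| over the negative resp. positive coefficients."""
    return sum(-k for k in coeffs if k < 0), sum(k for k in coeffs if k > 0)


def build_dwa(coeffs, rel, c, g=2):
    """A^{t⊕c}_{(m,n)} for the normalized (in)equation 't rel c' with m the largest small and
    n the smallest large value; delta clamps eta(q, b) = g*q + t[b] into [m, n]."""
    neg, pos = norms(coeffs)
    m = min(c, -pos) - 1                   # q is small iff q < min{c, -||t||_+}
    n = max(c, neg) + 1                    # q is large iff q > max{c, ||t||_-}
    alphabet = list(product(range(g), repeat=len(coeffs)))   # the alphabet Sigma^r
    init = "q_I"
    states = [init] + list(range(m, n + 1))
    delta = {}
    for b in alphabet:
        # eta(q_I, b) = t[sigma(b)]; it always lies inside [m, n]
        delta[(init, b)] = max(m, min(n, evaluate(coeffs, sigma(b))))
        for q in range(m, n + 1):
            # eta(q, b) = g*q + t[b], clamped to m below and n above
            delta[(q, b)] = max(m, min(n, g * q + evaluate(coeffs, b)))
    accepting = {q for q in range(m, n + 1) if REL[rel](q, c)}   # F = {q in Z : q rel c}
    return states, alphabet, delta, init, accepting


def accepts(dwa, word):
    """Run the DWA on a word, given as a list of letters (tuples of r digits)."""
    _, _, delta, init, accepting = dwa
    q = init
    for b in word:
        q = delta[(q, b)]
    return q in accepting


def decode(word, g=2):
    """<w>_Z for w over Sigma^r, via <b>_Z = sigma(b) and <ub>_Z = g*<u>_Z + b (Section 3.2)."""
    vals = list(sigma(word[0]))
    for b in word[1:]:
        vals = [g * v + d for v, d in zip(vals, b)]
    return tuple(vals)


def represents(dwa, coeffs, rel, c, g=2, max_len=7):
    """Definition 3.2 checked by brute force: the empty word (which represents no tuple) must be
    rejected, and for every word w of length 1..max_len, w in L(A) iff <w>_Z satisfies t rel c."""
    alphabet = dwa[1]
    if accepts(dwa, []):
        return False
    for length in range(1, max_len + 1):
        for word in product(alphabet, repeat=length):
            expected = REL[rel](evaluate(coeffs, decode(word, g)), c)
            if accepts(dwa, word) != expected:
                return False
    return True


def minimal_size(dwa):
    """Size of the minimal DWA with the same language: drop states unreachable from q_I, then
    refine the partition {F, Q \\ F} (Moore's algorithm) until it is the equivalence ~ of Sect. 2.2."""
    _, alphabet, delta, init, accepting = dwa
    reachable, todo = {init}, [init]
    while todo:
        q = todo.pop()
        for b in alphabet:
            if delta[(q, b)] not in reachable:
                reachable.add(delta[(q, b)])
                todo.append(delta[(q, b)])
    block = {q: int(q in accepting) for q in reachable}
    while True:
        # a state's signature: its own block plus the blocks of all its successors
        sig = {q: (block[q], tuple(block[delta[(q, b)]] for b in alphabet)) for q in reachable}
        ids = {s: i for i, s in enumerate(sorted(set(sig.values())))}
        new_block = {q: ids[sig[q]] for q in reachable}
        if len(set(new_block.values())) == len(set(block.values())):
            return len(set(block.values()))
        block = new_block


if __name__ == "__main__":
    # Example 3.8: x - y > 32 in base 2, i.e. coefficients (1, -1), relation ">", c = 32.
    dwa = build_dwa((1, -1), ">", 32)
    print(len(dwa[0]), minimal_size(dwa), represents(dwa, (1, -1), ">", 32))
```

The second assertion set in the checks below uses $y = 2x$ written as the normalized equation $-2x + y = 0$ (Figure 1); its minimal DWA keeps only $q_I$, the states $0$ and $1$, and one merged dead state.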

In the following, we determine the equivalent states in $\mathcal{A}^{t > c}_{(m,n)}$. Note that from Lemma 3.7 it follows that all states are reachable from $q_I$ since we assume that $\gcd(t) = 1$. We use the notation $[d, d')$ for the set $\{d, \dots, d'-1\}$ if $d, d' \in \mathbb{Z}$, and if $d \in \mathbb{Z}$ and $d' = \infty$ then $[d, d') := \{z \in \mathbb{Z} : z \ge d\}$. In order to identify the equivalent states, we define the following strictly monotonically decreasing sequence $d_0 > d_1 > \dots > d_\ell$, for some $\ell \ge 1$. Let $d_0 := \infty$ and $d_1 := \max\{c + 1, \|t\|_-\}$. Assume that $d_0 > d_1 > \dots > d_i$ are already defined, for some $i \ge 1$.

— If $d_i = \|t\|_-$ then we are done, i.e., $\ell = i$.

— If $d_i > \|t\|_-$ then let $d_{i+1} < d_i$ be the smallest integer greater than $\|t\|_- - 1$ such that for all $b \in \Sigma^r$, there is an index $j$ with $1 \le j \le i$ and

$$g\, d_{i+1} + t[b],\ g(d_i - 1) + t[b] \in [d_j, d_{j-1}). \qquad (1)$$

Note that $d_{i+1}$ is well-defined since $d_i - 1$ satisfies (1), for all $b \in \Sigma^r$.

The following lemma characterizes the equivalent states. In particular, it shows that we can merge the states in $R := \{-\|t\|_+, -\|t\|_+ - 1\}$, and for each $1 \le i \le \ell$, the states in $[d_i, d_{i-1})$ can be collapsed to one state.

Lemma 3.9. For all $p, q \in Q$, it holds that $p \sim q$ iff $p = q$ or $p, q \in R$ or $p, q \in [d_i, d_{i-1})$, for $1 \le i \le \ell$.

PROOF. ($\Leftarrow$) If $p = q$ then it is obvious that $p \sim q$. If $p, q \in R$ then we also have that $p \sim q$, since both states are non-accepting and all transitions from these states either go to $-\|t\|_+$ or to $-\|t\|_+ - 1$. It remains to prove that for $1 \le i \le \ell$, if $p, q \in [d_i, d_{i-1})$ then $p \sim q$. We prove this claim by induction over $i$. For $i = 1$, there is nothing to prove, since $[d_1, d_0) \cap Q$ is a singleton. For the induction step, assume that $i > 1$ and let $p, q \in [d_i, d_{i-1})$. Without loss of generality we assume that $p \le q$. By the definition of the transition function $\delta$ and the sequence $d_0 > d_1 > \dots > d_\ell$, we have that

$$g\, d_i + t[b] \le \delta(p, b) \le \delta(q, b) \le g(d_{i-1} - 1) + t[b],$$

for all $b \in \Sigma^r$. Since there is a $1 \le j < i$ with $g\, d_i + t[b],\ g(d_{i-1} - 1) + t[b] \in [d_j, d_{j-1})$, we conclude that $\delta(p, b), \delta(q, b) \in [d_j, d_{j-1})$. The claim now follows from the induction hypothesis.

($\Rightarrow$) We prove the claim by contraposition, i.e., $p \not\sim q$ is implied by the three conditions (i) $p \ne q$, (ii) $p \in R \Rightarrow q \notin R$, and (iii) for all $1 \le i \le \ell$, $p \in [d_i, d_{i-1}) \Rightarrow q \notin [d_i, d_{i-1})$. Assume $p \ne q$. It suffices to distinguish the following three cases.

Case 1: $p \in R$ and $q \notin R$. Since we can reach an accepting state from $q$, we have that $p \not\sim q$.

Case 2: $p \in [d_i, d_{i-1})$ and $q \notin [d_i, d_{i-1})$, for some $1 \le i \le \ell$. It is straightforward to prove by induction over $i$ that $p \not\sim q$.

Case 3: $p \notin R \cup \bigcup_{1 \le i \le \ell} [d_i, d_{i-1})$. Note that the conditions (ii) and (iii) are satisfied. We have that either $p = q_I$ or $p \in S$, where $S := \{s \in Q \cap \mathbb{Z} : -\|t\|_+ < s < \|t\|_-\}$.

If $p = q_I$ and $q \in R$ then we conclude similar to Case 1 that $p \not\sim q$. Assume that $p = q_I$ and $q \notin R$. Let $b \in \Sigma^r$ be the letter that has a $0$ in its $i$th coordinate iff the $i$th coefficient of $t$ is negative, and otherwise the $i$th coordinate is $g - 1$. It holds that $q_I \not\sim q$, since $\delta(q_I, b) = -\|t\|_+ \in R$ and $\delta(q, b) = gq + (g-1)\|t\|_+ > q$. From Case 1, it follows that $p \not\sim q$.

Assume that $p \in S$. Note that for every $s \in S$ there is a $b \in \Sigma^r$ such that $\delta(s, b) \in S$. It follows that for every $n \ge 0$ there is a word $u \in (\Sigma^r)^*$ of length $n$ such that $\delta(p, u) \in S$. We conclude that there is a word $u \in (\Sigma^r)^*$ such that $\delta(p, u) \in S$ and $\delta(q, u) \in R \cup \bigcup_{1 \le i \le \ell} [d_i, d_{i-1})$, since $\delta(s, b) - \delta(s', b) = g(s - s')$, for all $s, s' \in S$ and all $b \in \Sigma^r$. Analogously to the Cases 1 and 2 we conclude that $p \not\sim q$. □

From Lemma 3.9, it follows that the minimal DWA representing $[\![t > c]\!]$ has at least $\|t\|_- + \|t\|_+$ states. Note that this is in contrast to the number of symbols we need to write the inequation $t > c$ if coefficients are represented as binary numbers. For instance, we need $22 + 7$ letters for $1025 \cdot x - 1024 \cdot y > 0$, since each of the two coefficients can be represented with $11$ digits. The same lower bound on the minimal DWA size holds for $t < c$. In the following, we show that a similar lower bound holds for equations.

3.2.3 Optimal Construction for Equations. For an equation $t = c$, we can collapse the states in $\mathcal{A}^{t = c}_{(m,n)}$ from which we cannot reach the accepting state $c \in Q$ to a single non-accepting state. These optimizations produce the minimal DWA for $t = c$. For instance, the case for $p \in Q \cap \mathbb{Z}$ is proved as follows. Assume that we can reach the state $c$ from $p \in Q \cap \mathbb{Z}$, i.e., there is a $u \in (\Sigma^r)^*$ with $\delta(p, u) = c$. Any other state $q \in Q \cap \mathbb{Z}$ with $q \ne p$ from which we can reach $c$ cannot be merged with $p$, since

$$\delta(q, u) \overset{\text{Lemma 3.4(a)}}{=} g^{|u|} q + t[\langle u \rangle_{\mathbb{N}}] \ne g^{|u|} p + t[\langle u \rangle_{\mathbb{N}}] \overset{\text{Lemma 3.4(a)}}{=} \delta(p, u) = c.$$

The other cases are proved similarly.

A lower bound for the minimal DWA representing $[\![t = c]\!]$ is based on the following lemma about the states of the DWA $\mathcal{A}^{t \oplus c}_{(m,n)} = (Q, \Sigma^r, \delta, q_I, F)$, where $\oplus \in \{=, \ne, <, \le, >, \ge\}$. Let $S := \{s \in Q \cap \mathbb{Z} : -\|t\|_+ < s < \|t\|_-\}$ and $[n] := \{0, \dots, n-1\}$, for $n > 0$.

Lemma 3.10. Every $q \in Q \cap \mathbb{Z}$ is reachable from every $p \in S$.

PROOF. We need a result from number theory. Let $\gamma > 0$ and let $c_1, \ldots, c_\gamma$ be integers with $0 < c_1 < \cdots < c_\gamma$ and $\gcd(c_1, \ldots, c_\gamma) = 1$. The Frobenius number $G(c_1, \ldots, c_\gamma)$ is the greatest integer $z$ for which the linear equation $c_1 \cdot x_1 + \cdots + c_\gamma \cdot x_\gamma = z$ has no solution in the natural numbers. For $\gamma = 1$, it trivially holds that $G(c_1) = -1$. For $\gamma > 1$, an upper bound on $G(c_1, \ldots, c_\gamma)$ was proved by Dixmier [1990]. It is straightforward to show that for all $\gamma > 0$,

\[ G(c_1, \ldots, c_\gamma) < \varrho^{c_1 + \cdots + c_\gamma} - (c_1 + \cdots + c_\gamma). \tag{2} \]

In the following, we will prove the lemma, i.e., for $p \in S$ and $q \in Q \cap \mathbb{Z}$ there is a word $u \in (\Sigma^r)^*$ such that $\delta(p, u) = q$. Note that if $r = 0$ or $r = 1$ then $S = \emptyset$ and the claim is trivially true. Assume that $r \geq 2$. By Lemma 3.5, it suffices to show that the equation

\[ \varrho^N p + t(x_1, \ldots, x_r) = q \tag{3} \]

has a solution $(a_1, \ldots, a_r)$ with $N \geq \lceil \log_\varrho(1 + \max\{a_1, \ldots, a_r\}) \rceil$. We distinguish four cases depending on $p$ and $q$.

Case 1: $p = 0$. Equation (3) simplifies to

\[ t(x_1, \ldots, x_r) = q. \tag{4} \]

There are positive and negative coefficients in $t$, since $p \in S$. It follows that equation (4) has infinitely many solutions in the natural numbers. Recall that we assume that $\gcd(t) = 1$. In particular, there are $a_1, \ldots, a_r \geq 0$ with $\varrho^N p + t[a_1, \ldots, a_r] = q$, for some appropriate large enough $N$.

Case 2: $p > 0$ and $q > 0$. Let $k_{i_1}, \ldots, k_{i_\mu}$ be the positive coefficients in $t$, and let $k_{j_1}, \ldots, k_{j_\nu}$ be the negative coefficients in $t$. Let $N$ be the size of the DWA $\mathcal{A}^{t=c}$, i.e., $N = 3 + \max\{|c|, \|t\|_+\} + \max\{c, \|t\|_-\}$. We rewrite equation (3) to

\[ \varrho^N p - q + t_1(x_{i_1}, \ldots, x_{i_\mu}) = t_2(x_{j_1}, \ldots, x_{j_\nu}), \tag{5} \]

where $t_1$ is the term $k_{i_1} \cdot x_{i_1} + \cdots + k_{i_\mu} \cdot x_{i_\mu}$, and $t_2$ is the term $|k_{j_1}| \cdot x_{j_1} + \cdots + |k_{j_\nu}| \cdot x_{j_\nu}$. Note that $\varrho^N p - q > 0$ since $p > 0$ and $\varrho^N > q$. Let $D := \gcd(|k_{j_1}|, \ldots, |k_{j_\nu}|)$. In order to show the existence of a solution $a_1, \ldots, a_r \in [\varrho^N]$ of equation (5), we proceed in two steps:

Step 1: There are $a_{i_1}, \ldots, a_{i_\mu} \in [D]$ such that

\[ D \mid \varrho^N p - q + t_1[a_{i_1}, \ldots, a_{i_\mu}]. \]

Step 2: There are $a_{j_1}, \ldots, a_{j_\nu} \in [\varrho^N]$ such that

\[ \varrho^N p - q + t_1[a_{i_1}, \ldots, a_{i_\mu}] = t_2[a_{j_1}, \ldots, a_{j_\nu}]. \]

Proof of Step 1: If $\mu = 0$ then there is nothing to prove. Assume that $\mu > 0$. There are $K, R \geq 0$ such that $\varrho^N p - q = DK + R$ with $R < D$. It suffices to show that there are $a_{i_1}, \ldots, a_{i_\mu}$ with $0 \leq a_{i_1}, \ldots, a_{i_\mu} < D$, and $K' \geq 0$, such that $DK' = R + t_1[a_{i_1}, \ldots, a_{i_\mu}]$, since then

\[ \varrho^N p - q + t_1[a_{i_1}, \ldots, a_{i_\mu}] = DK + R + t_1[a_{i_1}, \ldots, a_{i_\mu}] = DK + DK' = D(K + K'), \]

and thus, $D \mid \varrho^N p - q + t_1[a_{i_1}, \ldots, a_{i_\mu}]$.

First, assume the existence of $a_{i_1}, \ldots, a_{i_\mu} \geq 0$ with $D \mid R + t_1[a_{i_1}, \ldots, a_{i_\mu}]$, where $a_{i_\xi} \geq D$, for some $1 \leq \xi \leq \mu$. To simplify matters, we assume without loss of generality that $\xi = 1$. There is an $a \geq 0$ with $a_{i_1} = D + a$. Further, assume that there is no $b < D + a$ with $D \mid R + t_1[b, a_{i_2}, \ldots, a_{i_\mu}]$. For some $K' \geq 0$, we have that

\[ DK' = R + t_1[a_{i_1}, \ldots, a_{i_\mu}] = R + Dk_{i_1} + t_1[a, a_{i_2}, \ldots, a_{i_\mu}]. \]

Therefore, $D(K' - k_{i_1}) = R + t_1[a, a_{i_2}, \ldots, a_{i_\mu}]$, i.e., $D \mid R + t_1[a, a_{i_2}, \ldots, a_{i_\mu}]$. This contradicts the minimality of $D + a$.

It remains to show the existence of $a_{i_1}, \ldots, a_{i_\mu} \geq 0$ with $D \mid R + t_1[a_{i_1}, \ldots, a_{i_\mu}]$. The existence reduces to the problem of whether the equation

\[ D \cdot y - k_{i_1} \cdot x_{i_1} - \cdots - k_{i_\mu} \cdot x_{i_\mu} = R \]

has a solution in the natural numbers. This is the case since $\gcd(D, k_{i_1}, \ldots, k_{i_\mu}) = 1$, by assumption.

Proof of Step 2: Assume that there are $\gamma \geq 1$ distinct coefficients in $t_2$ of equation (5). Without loss of generality, assume that $0 < |k_{j_1}| < \cdots < |k_{j_\gamma}|$. Let $W := \frac{\varrho^N p - q + t_1[a_{i_1}, \ldots, a_{i_\mu}]}{D}$ and $\ell_\xi := \frac{|k_{j_\xi}|}{D}$, for $1 \leq \xi \leq \nu$. Note that $\ell_1 < \cdots < \ell_\gamma$ and that $\gcd(\ell_1, \ldots, \ell_\gamma) = 1$. Equation (5) simplifies with the $a_i$s from Step 1 to

\[ W = \ell_1 \cdot x_{j_1} + \cdots + \ell_\nu \cdot x_{j_\nu}. \tag{6} \]

An upper bound on $W$ is

\[ W \leq \frac{\varrho^N p - q + (\varrho - 1)\|t\|_+}{D} \leq \frac{\varrho^N (\|t\|_- - 1) + (\varrho - 1)\|t\|_+}{D} = \frac{\varrho^N \|t\|_-}{D} - \frac{\varrho^N}{D} + \frac{(\varrho - 1)\|t\|_+}{D}, \tag{7} \]

and a lower bound on $W$ is

\[ W \geq \frac{\varrho^N - q}{D} \geq \frac{\varrho^N - \max\{\varrho, \|t\|_-\}}{D} \geq \frac{\varrho^{D(\ell_1 + \cdots + \ell_\nu)} - D(\ell_1 + \cdots + \ell_\nu)}{D} \geq \varrho^{\ell_1 + \cdots + \ell_\gamma} - (\ell_1 + \cdots + \ell_\gamma). \]

From the lower bound on $W$ and the upper bound on Frobenius numbers (2), it follows that equation (6) has a solution in the natural numbers. Let $\kappa \geq 0$ be maximal such that there are $a_1, \ldots, a_\gamma \geq 0$ with

\[ W = \ell_1 a_1 + \cdots + \ell_\gamma a_\gamma + \kappa L, \tag{8} \]

where $L := \ell_1 + \cdots + \ell_\nu$. By contradiction, we obtain that $a_1, \ldots, a_\gamma < L$: Assume that there is a $\xi$, $1 \leq \xi \leq \gamma$ with $a_\xi = L + a$, for some $a \geq 0$. Without loss of generality, assume that $\xi = 1$. This contradicts the assumption that $\kappa$ is maximal:

\[ W = \kappa L + \ell_1 (L + a) + \ell_2 a_2 + \cdots + \ell_\gamma a_\gamma = (\kappa + \ell_1) L + \ell_1 a + \ell_2 a_2 + \cdots + \ell_\gamma a_\gamma. \]

From $\kappa$ and $a_1, \ldots, a_\gamma$, we obtain a solution for equation (6) in the natural numbers, namely

\[ W = \kappa L + \ell_1 a_1 + \cdots + \ell_\gamma a_\gamma = \kappa(\ell_1 + \cdots + \ell_\nu) + \ell_1 a_1 + \cdots + \ell_\gamma a_\gamma = \ell_1 (\kappa + a_1) + \cdots + \ell_\gamma (\kappa + a_\gamma) + \ell_{\gamma+1} \kappa + \cdots + \ell_\nu \kappa. \]

It suffices to show that $\kappa < \varrho^N - \max\{a_1, \ldots, a_\gamma\}$. An upper bound on $\kappa$ is

\[ \kappa \overset{(8)}{=} \frac{W - (\ell_1 a_1 + \cdots + \ell_\gamma a_\gamma)}{L} \leq \frac{W}{L} - \frac{\max\{a_1, \ldots, a_\gamma\}}{L} \overset{(7)}{\leq} \frac{\varrho^N \|t\|_-}{DL} - \frac{\varrho^N}{DL} + \frac{(\varrho - 1)\|t\|_+}{DL} - \frac{\max\{a_1, \ldots, a_\gamma\}}{L} \leq \varrho^N - \frac{\varrho^N}{DL} + \frac{(\varrho - 1)\|t\|_+ - \max\{a_1, \ldots, a_\gamma\}}{L}. \]

It remains to check whether the inequality

\[ \varrho^N - \frac{\varrho^N}{DL} + \frac{(\varrho - 1)\|t\|_+ - \max\{a_1, \ldots, a_\gamma\}}{L} < \varrho^N - \max\{a_1, \ldots, a_\gamma\} \]

is valid. The previous inequality simplifies to

\[ \frac{(\varrho - 1)\|t\|_+ + \max\{a_1, \ldots, a_\gamma\}(L - 1)}{L} < \frac{\varrho^N}{DL}. \]

Multiplying with the common denominator $DL$, the inequality simplifies further to

\[ D(\varrho - 1)\|t\|_+ + D \max\{a_1, \ldots, a_\gamma\}(L - 1) < \varrho^N. \]

Since $\max\{a_1, \ldots, a_\gamma\} \leq L - 1$ and $N > \|t\|_- + \|t\|_+ = DL + \|t\|_+$, it suffices to show the validity of the inequality

\[ D(\varrho - 1)\|t\|_+ + D(L - 1)^2 < \varrho^{DL + \|t\|_+}. \tag{9} \]

It is straightforward to show that the inequality (9) is true for all $D, L \geq 1$ and $\|t\|_+ \geq 0$.

Case 3: $p < 0$ and $q < 0$. It suffices to prove that there is a solution $a_1, \ldots, a_r \in [\varrho^N]$ for the equation

\[ t_1(x_{i_1}, \ldots, x_{i_\mu}) = \varrho^N |p| - |q| + t_2(x_{j_1}, \ldots, x_{j_\nu}), \]

where $t_1$ and $t_2$ are defined as in Case 2. This equation is similar to equation (5) except that $t_1$ and $t_2$ are swapped. We can use a similar argumentation as in Case 2 for showing the existence of $a_1, \ldots, a_r \in [\varrho^N]$.

Case 4: $p > 0$ and $q < 0$. This case can be solved with Case 1 and Case 2. Since $p > 0$ and $q < 0$, we have that $0 \in S$. By Case 2, the state $0$ is reachable from $p$, and by Case 1, $q$ is reachable from state $0$.

Case 5: $p < 0$ and $q > 0$. Analogously, this case can be solved by Case 3 and Case 1. $\square$

With Lemma 3.10 at hand, it is straightforward to prove for $\mathcal{A}^{t=c}$ that $p \sim q$ iff $p = q$, for all $p, q \in S$. Therefore, we have that the minimal automaton representing $\llbracket t = c \rrbracket$ has at least $|S|$ states.

Another consequence of Lemma 3.10 is that $S$ is a strongly connected component in $\mathcal{A}^{t=c}$: By Lemma 3.10, every state $q \in S$ is reachable from every $p \in S$, and it is easy to show that the initial state $q_I$ is not reachable from a state in $S$ and that a state in $S$ cannot be reached from any state that is not in $S \cup \{q_I\}$.

3.3 Divisibility Relation

In this subsection, we give an upper bound on the size of the minimal DWA for a formula $d \mid t + c$, where $d \geq 2$, $t(x_1, \ldots, x_r)$ is a homogeneous term, and $c \in \mathbb{Z}$.

Let $\mathcal{A}^{d \mid t+c}$ be the DWA with the set of states $Q := \{q_I, 0, 1, \ldots, d-1\}$. A state $q \in Q \cap \mathbb{Z}$ has an intuitive interpretation: if we reach the state $q$ with a word $w \in (\Sigma^r)^*$ then the remainder of the division of $t[\langle w \rangle_{\mathbb{Z}}]$ by $d$ equals $q$. We denote by $\mathrm{rem}(q, d)$ the remainder of $q \in \mathbb{Z}$ divided by $d$. Let $\mathcal{A}^{d \mid t+c} := (Q, \Sigma^r, \delta, q_I, F)$ with

\[ \delta(q, b) := \begin{cases} \mathrm{rem}(t[\sigma(b)], d) & \text{if } q = q_I, \\ \mathrm{rem}(\varrho q + t[b], d) & \text{otherwise,} \end{cases} \]

for $q \in Q$ and $b \in \Sigma^r$, and $F := \{q \in Q \cap \mathbb{Z} : d \mid q + c\}$. Note that there is exactly one $q \in Q \cap \mathbb{Z}$ with $d \mid q + c$.

The correctness of our construction follows from two facts:

(a) For $n \in \mathbb{Z}$, $d \mid n + c$ iff $d \mid \mathrm{rem}(n, d) + c$.

(b) For $w \in (\Sigma^r)^+$, $\delta(q_I, w) = \mathrm{rem}(t[\langle w \rangle_{\mathbb{Z}}], d)$.

The proof of (a) is straightforward. There are $p, q \in \mathbb{Z}$ such that $pd + q = n$ and $0 \leq q < d$. Note that $q = \mathrm{rem}(n, d)$. By definition, $d \mid n + c$ iff there is a $k \in \mathbb{Z}$ with $dk = n + c = pd + q + c$. The equality can be rewritten to $d(k - p) = q + c$, i.e., $d \mid \mathrm{rem}(n, d) + c$.

We prove (b) by induction over the length of $w$. For the base case, let $w = b \in \Sigma^r$. Since we represent integers using $\varrho$'s complement, we have that $t[\langle b \rangle_{\mathbb{Z}}] = t[\sigma(b)]$. By definition, $\delta(q_I, b) = \mathrm{rem}(t[\langle b \rangle_{\mathbb{Z}}], d)$. For the step case, assume $\delta(q_I, w) = \mathrm{rem}(t[\langle w \rangle_{\mathbb{Z}}], d)$ and let $b \in \Sigma^r$. There are $p, q \in \mathbb{Z}$ with $t[\langle w \rangle_{\mathbb{Z}}] = pd + q$ and $0 \leq q < d$. Note that $q = \mathrm{rem}(t[\langle w \rangle_{\mathbb{Z}}], d)$ and $t[\langle wb \rangle_{\mathbb{Z}}] = \varrho \, t[\langle w \rangle_{\mathbb{Z}}] + t[b] = \varrho pd + \varrho q + t[b]$. We have that

\[ \mathrm{rem}(t[\langle wb \rangle_{\mathbb{Z}}], d) = \mathrm{rem}(\varrho pd + \varrho q + t[b], d) = \mathrm{rem}(\varrho q + t[b], d) = \delta(q, b) = \delta(\delta(q_I, w), b) = \delta(q_I, wb). \]

Lemma 3.11. The DWA $\mathcal{A}^{d \mid t+c}$ represents $\llbracket d \mid t + c \rrbracket$ and has $d + 1$ states.

An optimization of the construction is to filter out the states that are not a multiple of $\gcd(\gcd(t), d)$. These states are not reachable from the initial state since $\mathrm{rem}(t[a], d)$ is a multiple of $\gcd(\gcd(t), d)$, for every $a \in \mathbb{Z}^r$.
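The construction of $\mathcal{A}^{d \mid t+c}$ above, as an added Python example that is not part of the paper: it builds the automaton for a constructed instance, feeds it $\varrho$'s complement encodings of integer vectors (most significant digit first, the sign digit handled by $\sigma$ as in the definition of $\delta$), and checks fact (b), the accepting set, and the remark that only multiples of $\gcd(\gcd(t), d)$ are reachable. All function names, the sample term $2x - 4y$, $d = 6$, $c = 2$, and the encoding length are assumptions of this example.

```python
from itertools import product
from math import gcd
from functools import reduce

def rho_complement(a, rho, n):
    """n-digit rho's complement encoding of a, most significant digit first.
    Requires -rho**(n-1) <= a < rho**(n-1); the leading digit is then 0 or rho-1."""
    assert -rho ** (n - 1) <= a < rho ** (n - 1)
    v = a if a >= 0 else a + rho ** n
    digits = []
    for _ in range(n):
        digits.append(v % rho)
        v //= rho
    return digits[::-1]

def encode(vec, rho, n):
    """Word over Sigma^r for the vector vec: letter i holds the i-th digit of every coordinate."""
    return list(zip(*(rho_complement(a, rho, n) for a in vec)))

def sigma(b, rho):
    """Value of a sign digit: rho-1 stands for -1, 0 for 0 (applied to the first letter only)."""
    return tuple(-1 if digit == rho - 1 else 0 for digit in b)

def t_of(coeffs, b):
    """t[b] for the homogeneous term with the given coefficients."""
    return sum(k * x for k, x in zip(coeffs, b))

class DivDWA:
    """The DWA A^{d|t+c}: states q_I and 0..d-1, delta as defined in the text."""
    def __init__(self, coeffs, d, c, rho):
        self.coeffs, self.d, self.c, self.rho = tuple(coeffs), d, c, rho
        # F = {q : d | q + c}; exactly one residue satisfies this
        self.accepting = {q for q in range(d) if (q + c) % d == 0}

    def delta(self, q, b):
        if q == "q_I":
            return t_of(self.coeffs, sigma(b, self.rho)) % self.d
        return (self.rho * q + t_of(self.coeffs, b)) % self.d

    def run(self, word):
        q = "q_I"
        for b in word:
            q = self.delta(q, b)
        return q

    def accepts(self, word):
        return self.run(word) in self.accepting

    def reachable(self):
        """Integer states reachable from q_I (search over all letters of Sigma^r)."""
        letters = list(product(range(self.rho), repeat=len(self.coeffs)))
        seen, todo = {"q_I"}, ["q_I"]
        while todo:
            q = todo.pop()
            for b in letters:
                p = self.delta(q, b)
                if p not in seen:
                    seen.add(p)
                    todo.append(p)
        return seen - {"q_I"}

def check_semantics(dwa, n, lo, hi):
    """Fact (b) and L(A) = [[d | t + c]] on every vector in [lo, hi]^r with n-digit encodings."""
    r = len(dwa.coeffs)
    for vec in product(range(lo, hi + 1), repeat=r):
        word = encode(vec, dwa.rho, n)
        value = t_of(dwa.coeffs, vec)
        if dwa.run(word) != value % dwa.d:
            return False
        if dwa.accepts(word) != ((value + dwa.c) % dwa.d == 0):
            return False
    return True

def expected_reachable(dwa):
    """Multiples of gcd(gcd(t), d) among 0..d-1, as the optimization remark predicts."""
    g = reduce(gcd, (abs(k) for k in dwa.coeffs), dwa.d)
    return {q for q in range(dwa.d) if q % g == 0}

# Constructed instance: 6 | 2x - 4y + 2 over base rho = 2; 5-digit words cover -16 <= a < 16.
SAMPLE = DivDWA(coeffs=(2, -4), d=6, c=2, rho=2)

if __name__ == "__main__":
    print("states reachable from q_I:", sorted(SAMPLE.reachable()))
    print("semantics check:", check_semantics(SAMPLE, n=5, lo=-8, hi=8))
```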
3.4 Quantifier-free Formulas

In this subsection, we give an upper bound on the size of the minimal DWA for a quantifier-free PA formula. This upper bound depends on the maximal absolute value of the constants occurring in the (in)equations of the formula, the homogeneous terms, and the divisibility relations. The upper bound does not depend on the Boolean combination of the atomic formulas. This is not obvious since Boolean connectives are handled by the product construction if we construct the DWA recursively over the structure of the quantifier-free formula. The size of the resultant DWA using the product construction is in the worst case the product of the number of states of the two DWAs.

Let $T$ be a finite nonempty set of homogeneous terms and let $D$ be a finite set of atomic formulas of the form $d \mid t$, where $d \geq 1$ and $t$ is a homogeneous term. Moreover, let $\ell \geq \max \{\|t\|_+ : t \in T\} \cup \{\|t\|_- : t \in T\}$ and $\ell' \geq \max\{d : d \mid t \in D\}$.

Theorem 3.12. Let $\psi$ be a Boolean combination of atomic formulas $t \sim c$ and $d \mid t + c'$, with $t \in T$, $d \mid t \in D$, $-\ell \leq c \leq \ell$, $c' \in \mathbb{Z}$, and ${\sim} \in \{=, \neq, <, \leq, >, \geq\}$. The size of the minimal DWA for $\psi$ is at most $(2 + 2\ell)^{|T|} \cdot \ell'^{|D|}$.

Proof. Without loss of generality, we assume that the variables occurring in terms in $T$ are $y_1, \ldots, y_r$. Let $\mathcal{C}$ be the product automaton of all the $\mathcal{A}^{t=0}_{(-\ell, \ell)}$ and $\mathcal{A}^{d \mid t}$, for $t \in T$ and $d \mid t \in D$. To simplify notation we omit the subscripts $(-\ell, \ell)$ and we assume that $T = \{t_1, \ldots, t_m\}$ and $D = \{d_1 \mid t_1, \ldots, d_n \mid t_n\}$. Note that the states of $\mathcal{C}$ are tuples $(p_1, \ldots, p_m, q_1, \ldots, q_n)$, where $p_i$ is a state of $\mathcal{A}^{t_i=0}$ and $q_j$ is a state of $\mathcal{A}^{d_j \mid t_j}$. By Lemma 3.6, $\mathcal{A}^{t_i=0}$ has $2 + 2\ell$ states, and by Lemma 3.11, $\mathcal{A}^{d_j \mid t_j}$ has $1 + d_j \leq \ell'$ states. It follows that the size of $\mathcal{C}$ is at most

\[ \prod_{t \in T} (2 + 2\ell) \cdot \prod_{d \mid t \in D} (1 + d) \leq (2 + 2\ell)^{|T|} \cdot \ell'^{|D|}. \]

It remains to define the set of accepting states of $\mathcal{C}$ according to $\psi$. We define the DWA $\mathcal{D}$ as $\mathcal{C}$ except that the set $E$ of accepting states is defined as follows. A state $q = (p_1, \ldots, p_m, q_1, \ldots, q_n) \in \mathbb{Z}^{m+n}$ of $\mathcal{D}$ is in $E$ iff $\mathbb{Z} \models \psi_q$, where $\psi_q$ is the formula obtained by substituting

— the integer $p_i$ for the term $t_i$ in the atomic formulas of the form $t_i \sim c$, and
— the integer $q_j$ for the term $t_j$ in the atomic formulas of the form $d_j \mid t_j + c$.

Note that $\psi_q$ is either true or not in $\mathbb{Z}$ since it is a sentence.

It remains to prove that $\mathcal{D}$ represents $\llbracket \psi \rrbracket$. Let $w \in (\Sigma^r)^*$ be a word representing $a \in \mathbb{Z}^r$. For a term $t \in T$, the value $t[a]$ can be replaced by $\ell$ if $t[a] > \ell$ and by $-\ell$ if $t[a] < -\ell$ in every atomic formula of the form $t \sim c$ without changing its truth value since $-\ell \leq c \leq \ell$. This modified value corresponds to the state reached by $\mathcal{A}^{t=0}$ after reading the word $w$. For an atomic formula of the form $d \mid t + c$, with $d \mid t \in D$, we can replace $t[a] + c$ by $\mathrm{rem}(t[a] + c, d)$ without changing the truth value. This adjusted value corresponds to the state reached by $\mathcal{A}^{d \mid t}$ after reading the word $w$. From the definition of $E$, it follows that $w \in L(\mathcal{D})$ iff $\mathbb{Z} \models \psi[a]$. $\square$
4. AN UPPER BOUND ON THE AUTOMATA SIZE

In this section, we give an upper bound on the size of the minimal DWA for PA formulas. We obtain this bound by examining the quantifier-free formulas constructed by applying Reddy and Loveland's quantifier elimination method [Reddy and Loveland 1978], which improves Cooper's quantifier elimination method [Cooper 1972]. We use Reddy and Loveland's quantifier elimination method since the produced formulas are "small" with respect to the following parameters on which the upper bound of the minimal DWA in Theorem 3.12 depends.

Definition 4.1. For $\varphi \in \mathrm{PA}$, we define

\[ T(\varphi) := \{t : t \sim c \in A(\varphi)\}, \qquad D(\varphi) := \{d \mid t : d \mid t + c \in A(\varphi)\}, \]

and

\[ \max_{\mathrm{coef}}(\varphi) := \max \{1\} \cup \{|k| : k \text{ is a coefficient in } t, \ t \sim c \in A(\varphi)\}, \]
\[ \max_{\mathrm{const}}(\varphi) := \max \{1\} \cup \{|c| : t \sim c \in A(\varphi)\}, \]
\[ \max_{\mathrm{div}}(\varphi) := \max \{1\} \cup \{d : d \mid t + c \in A(\varphi)\}. \]

4.1 Eliminating a Quantifier

For the sake of completeness, we briefly recall Reddy and Loveland's quantifier elimination method. Consider the formula $\exists x \varphi$ with $\varphi(x, y_1, \ldots, y_n) \in \mathrm{QF}$. The construction of $\psi(y_1, \ldots, y_n) \in \mathrm{QF}$ proceeds in 2 steps.

Step 1: First, eliminate the connectives $\rightarrow$ and $\leftrightarrow$ in $\varphi$ using standard rules, e.g., a subformula $\chi \rightarrow \chi'$ is replaced by $\neg\chi \vee \chi'$. Second, push all negation symbols in $\varphi$ inward (using De Morgan's laws, etc.) until they only occur directly in front of the atomic formulas. Third, rewrite all atomic formulas and negated atomic formulas in which $x$ occurs such that they are all of one of the forms

\[ k \cdot x < t(y_1, \ldots, y_n), \tag{A} \]
\[ t(y_1, \ldots, y_n) < k \cdot x, \tag{B} \]

or

\[ d \mid t(x, y_1, \ldots, y_n) \tag{C} \]

with $k > 0$. For instance, the negated inequation $\neg 2 \cdot x + 9 \cdot y < 5$ is rewritten to $-9 \cdot y + 5 - 1 < 2 \cdot x$, and the negated equation $\neg 2 \cdot x + 9 \cdot y = 5$ is replaced by the disjunction $-9 \cdot y + 5 < 2 \cdot x \ \vee \ 2 \cdot x < -9 \cdot y + 5$. Let $\varphi'(x, y_1, \ldots, y_n)$ be the resulting formula.

Step 2: Let $\varphi'_{-\infty}$ be the formula where all the atomic formulas of type (A) in $\varphi'$ are replaced by "true", i.e., $0 < 1$, and all atomic formulas of type (B) are replaced by "false", i.e., $1 < 0$. We assume in the following, without loss of generality, that $0 < 1$ and $1 < 0$ do not occur as proper subformulas. Note that by propositional reasoning, we can always eliminate such subformulas, e.g., $\alpha \wedge 0 < 1$ can be simplified to $\alpha$. Let $B$ be the set of the atomic formulas in $\varphi'$ of type (B), and let $\mathrm{lcm}(x, \varphi)$ be the least common multiple of the $d$s in the atomic formulas of type (C) and of the coefficients of the variable $x$ in the atomic formulas of type (B). Let $\psi$ be the formula

\[ \bigvee_{1 \leq j \leq \mathrm{lcm}(x, \varphi)} \varphi'_{-\infty}[j/x] \ \vee \bigvee_{1 \leq j \leq \mathrm{lcm}(x, \varphi)} \ \bigvee_{t + c < k \cdot x \in B} \big( k \mid t + c + j \ \wedge \ \varphi'[t + c + j / k \cdot x] \big), \]

where $\varphi'[t + c + j / k \cdot x]$ means that every atomic formula $\alpha$ in $\varphi'$ in which $x$ occurs is first multiplied by $k$ and then $k \cdot x$ is substituted by $t + c + j$. Formally, for an atomic formula $\alpha$, a term $t$, and $k \in \mathbb{Z} \setminus \{0\}$, we define

\[ \alpha[t / k \cdot x] := \begin{cases} k' \cdot t < k \cdot t' & \text{if } \alpha = k' \cdot x < t', \\ k \cdot t' < k' \cdot t & \text{if } \alpha = t' < k' \cdot x, \\ kd \mid k' \cdot t + k \cdot t' & \text{if } \alpha = d \mid k' \cdot x + t', \\ \alpha & \text{otherwise.} \end{cases} \]

Fact 4.2. The formula $\psi$ is logically equivalent to $\exists x \varphi$.
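
Step 2 of the method above, as an added Python example that is not part of the paper: the input is assumed to be already in the normal form of Step 1 (a positive Boolean combination of atoms of types (A), (B), (C) and atoms without $x$, with linear terms as dictionaries), the substitution $\alpha[t/k \cdot x]$ follows the formal definition, and the result is compared against a brute-force witness search on a constructed formula. All function and variable names and the sample formula are assumptions of this example.

```python
from functools import reduce
from math import lcm

# A term is a dict {variable: coefficient}; the constant is stored under the key "".
# Atoms: ("lt", s, t) for s < t and ("div", d, t) for d | t.  Formulas nest ("and", f, g),
# ("or", f, g), and the constants ("true",) and ("false",) standing for 0 < 1 and 1 < 0.

def t_add(s, t):
    out = dict(s)
    for v, k in t.items():
        out[v] = out.get(v, 0) + k
    return {v: k for v, k in out.items() if k}

def t_scale(k, t):
    return {v: k * c for v, c in t.items()}

def t_val(t, env):
    return sum(k * (1 if v == "" else env[v]) for v, k in t.items())

def evaluate(f, env):
    op = f[0]
    if op == "true": return True
    if op == "false": return False
    if op == "and": return evaluate(f[1], env) and evaluate(f[2], env)
    if op == "or": return evaluate(f[1], env) or evaluate(f[2], env)
    if op == "lt": return t_val(f[1], env) < t_val(f[2], env)
    if op == "div": return t_val(f[2], env) % f[1] == 0
    raise ValueError(op)

def atom_kind(a, x):
    """Type (A): k*x < t, (B): t < k*x, (C): d | t with x in t, or "-" if x does not occur."""
    if a[0] == "lt":
        l, r = a[1], a[2]
        if set(l) == {x} and x not in r: return "A"
        if set(r) == {x} and x not in l: return "B"
        assert x not in l and x not in r, "atom is not in the normal form of Step 1"
    elif a[0] == "div" and x in a[2]:
        return "C"
    return "-"

def atoms(f):
    if f[0] in ("and", "or"):
        return atoms(f[1]) + atoms(f[2])
    return [f] if f[0] in ("lt", "div") else []

def map_atoms(f, fn):
    if f[0] in ("and", "or"):
        return (f[0], map_atoms(f[1], fn), map_atoms(f[2], fn))
    return fn(f) if f[0] in ("lt", "div") else f

def subst(a, x, term, k):
    """a[term / k*x]: multiply the atom by k, then replace k*x by term (the formal definition)."""
    kind = atom_kind(a, x)
    if kind == "A":                      # k'*x < t'  ->  k'*term < k*t'
        return ("lt", t_scale(a[1][x], term), t_scale(k, a[2]))
    if kind == "B":                      # t' < k'*x  ->  k*t' < k'*term
        return ("lt", t_scale(k, a[1]), t_scale(a[2][x], term))
    if kind == "C":                      # d | k'*x + t'  ->  k*d | k'*term + k*t'
        rest = dict(a[2])
        kp = rest.pop(x)
        return ("div", k * a[1], t_add(t_scale(kp, term), t_scale(k, rest)))
    return a

def eliminate_exists(f, x):
    """Step 2: quantifier-free formula equivalent to exists x. f, for f in Step 1 normal form."""
    ats = atoms(f)
    B = [(a[1], a[2][x]) for a in ats if atom_kind(a, x) == "B"]          # pairs (t + c, k)
    m = reduce(lcm, [a[1] for a in ats if atom_kind(a, x) == "C"] + [k for _, k in B], 1)
    f_minus_inf = map_atoms(f, lambda a: {"A": ("true",), "B": ("false",)}.get(atom_kind(a, x), a))
    disjuncts = []
    for j in range(1, m + 1):
        disjuncts.append(map_atoms(f_minus_inf, lambda a, j=j: subst(a, x, {"": j}, 1)))
        for t, k in B:
            tj = t_add(t, {"": j})
            disjuncts.append(("and", ("div", k, tj),
                              map_atoms(f, lambda a, tj=tj, k=k: subst(a, x, tj, k))))
    return reduce(lambda p, q: ("or", p, q), disjuncts)

def exists_brute(f, x, env, bound=30):
    """Reference check: search a witness for x in [-bound, bound] (sound for the sample below)."""
    return any(evaluate(f, {**env, x: v}) for v in range(-bound, bound + 1))

# Constructed sample: exists x. (y < 2x  and  2x < y + 5  and  3 | x + y); lcm(x, phi) = 6.
PHI = ("and", ("and", ("lt", {"y": 1}, {"x": 2}), ("lt", {"x": 2}, {"y": 1, "": 5})),
       ("div", 3, {"x": 1, "y": 1}))
PSI = eliminate_exists(PHI, "x")

def agrees(ys=range(-8, 9)):
    """True iff PSI(y) and the brute-force value of exists x. PHI agree for every sampled y."""
    return all(evaluate(PSI, {"y": y}) == exists_brute(PHI, "x", {"y": y}) for y in ys)
```
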

4.2 Analysis

We can construct from an arbitrary formula a logically equivalent quantifier-free formula by successively replacing subformulas of the form $Qx\psi$, where $\psi \in \mathrm{QF}$ and $Q \in \{\exists, \forall\}$, with the logically equivalent quantifier-free formulas that are produced by the quantifier elimination method. Oppen [1978] analyzed the length of the formulas that are produced by iteratively applying Cooper's quantifier elimination method. Oppen proved a triple exponential upper bound on the formula length by relating the growth in the number of atomic formulas, the maximum of the absolute values of constants and coefficients appearing in these atomic formulas, and the number of distinct coefficients and divisibility predicates that may appear. Similar analyses of improved versions of Cooper's quantifier elimination method are in [Reddy and Loveland 1978; Grädel 1988].

Reddy and Loveland [1978] observed that they obtain shorter formulas when pushing quantifiers inward before applying their quantifier elimination method. For example, using the quantifier elimination method to eliminate the quantified variable $x_2$ in $\exists x_1 \exists x_2 \varphi$ with $\varphi \in \mathrm{QF}$, we obtain a formula of the form $\exists x_1 (\varphi_1 \vee \ldots \vee \varphi_n)$. Instead of applying the quantifier elimination method to $\exists x_1 (\varphi_1 \vee \ldots \vee \varphi_n)$, rewriting the formula first to $(\exists x_1 \varphi_1) \vee \ldots \vee (\exists x_1 \varphi_n)$ and then applying the quantifier elimination method to each of the disjuncts separately produces shorter formulas for the following reasons. First, we avoid using $\mathrm{lcm}(x_1, \varphi_1 \vee \ldots \vee \varphi_n)$ in Step 2 of the quantifier elimination method; instead we determine $\mathrm{lcm}(x_1, \varphi_i)$, for each disjunct $\varphi_i$ separately. Second, we use an inequation $k \cdot x_1 < t$ of type (B) occurring in a disjunct $\varphi_i$ only for eliminating $x_1$ in $\varphi_i$. We do not use this inequation $k \cdot x_1 < t$ for eliminating $x_1$ in disjuncts $\varphi_j$ in which the inequation $k \cdot x_1 < t$ does not occur. However, if the variable $x_1$ is universally quantified, then we cannot push the quantifier inward. Note that in order to apply the quantifier elimination method, we have to rewrite the formula $\forall x_1 (\varphi_1 \vee \ldots \vee \varphi_n)$ to $\neg \exists x_1 (\neg(\varphi_1 \vee \ldots \vee \varphi_n))$. To eliminate $x_1$, we have to use in Step 2 $\mathrm{lcm}(x_1, \neg(\varphi_1 \vee \ldots \vee \varphi_n))$ and the set $B$ of the inequations of type (B) occurring in the formula produced by Step 1 normalizing $\neg(\varphi_1 \vee \ldots \vee \varphi_n)$.

Reddy and Loveland analyzed the quantifier-free formulas produced by successively applying their quantifier elimination method to formulas in prenex normal form. We refine and extend their analysis to arbitrary formulas. However, before launching into the analysis, we need the following definitions. For $\varphi \in \mathrm{PA}$, we define

\[ T_+(\varphi) := \{t \in T(\varphi) : \text{in } t \text{ there occurs a variable that is bound in } \varphi\} \]

and

\[ D_+(\varphi) := \{d \mid t \in D(\varphi) : \text{in } t \text{ there occurs a variable that is bound in } \varphi\}. \]

Furthermore, let $T_-(\varphi) := T(\varphi) \setminus T_+(\varphi)$ and $D_-(\varphi) := D(\varphi) \setminus D_+(\varphi)$.

Lemma 4.3. For every $\varphi \in \mathrm{PA}$ of the form $Qx_1 \ldots Qx_s \vartheta$, with $Q \in \{\exists, \forall\}$ and $\vartheta \in \mathrm{QF}$, there is a logically equivalent $\psi \in \mathrm{QF}$ such that

\[ |T(\psi) \setminus T_-(\varphi)| \leq |T_+(\varphi)|^{s+1}, \qquad |D(\psi) \setminus D_-(\varphi)| \leq (|T_+(\varphi)| + 1)^s \cdot (|D_+(\varphi)| + s), \]

and

\[ \max_{\mathrm{coef}}(\psi) \leq a^{2^{2s}}, \qquad \max_{\mathrm{div}}(\psi) \leq a^{2^{2s}}, \qquad \max_{\mathrm{const}}(\psi) \leq b \, a^{2^{2s}(|T_+(\varphi)| + |D_+(\varphi)| + s)}, \]

where $a \geq \max\{2, \max_{\mathrm{coef}}(\varphi), \max_{\mathrm{div}}(\varphi)\}$ and $b \geq \max\{2, \max_{\mathrm{const}}(\varphi)\}$.

Proof. We first describe how we construct the quantifier-free formula $\psi$, where we assume that $Q = \exists$. For $Q = \forall$, we rewrite $\varphi$ to $\neg \exists x_1 \ldots \exists x_s \neg\vartheta$ and eliminate the quantified variables in $\exists x_1 \ldots \exists x_s \neg\vartheta$ as described below.

By a preprocessing step we rewrite $\vartheta$ to negation normal form (i.e., we eliminate the connectives $\rightarrow$ and $\leftrightarrow$, and we push the negation symbols inward such that the connective $\neg$ only occurs directly in front of atomic formulas) and we rewrite (in)equations so that we only have inequations of the form $t < t'$ or $t > t'$ and no negation occurs in front of an inequation. For instance, $t \leq t'$ is rewritten to $t < t' + 1$ and $\neg t < t'$ is rewritten to $t > t'$. Let $\vartheta_0$ be the formula that we obtain by the rewriting. The only parameter that is changed by this rewriting is the maximal absolute value of a constant, which increases by at most $1$. Observe that this special form of a formula is preserved when we apply the quantifier elimination method: In Step 1 we only rewrite the inequations such that they are of type (A) or (B). Such rewriting does not alter the parameters. Step 2 also preserves this special form.

After the preprocessing step, we construct the quantifier-free formula $\psi$ iteratively in $s$ steps by constructing intermediate formulas $\psi_0, \ldots, \psi_s$, where $\psi$ will be $\psi_s$. Let $\psi_0 := \exists x_1 \cdots \exists x_s \vartheta_0$. In the $\ell$th step we eliminate the variable $x_{s-\ell+1}$, where $1 \leq \ell \leq s$. This is done as follows. Assume that $\psi_{\ell-1} = \exists x_1 \ldots \exists x_{s-\ell+1} \vartheta_{\ell-1}$, where $\vartheta_{\ell-1} = \vartheta_{\ell-1,1} \vee \ldots \vee \vartheta_{\ell-1,n_{\ell-1}}$. We push the existential quantification of $x_{s-\ell+1}$ inward as far as possible. For every $1 \leq i \leq n_{\ell-1}$, we apply the quantifier elimination method to $\exists x_{s-\ell+1} \vartheta_{\ell-1,i}$. After the $n_{\ell-1}$ applications of the quantifier elimination method, we obtain for some $n_\ell \geq 1$, a formula $\vartheta_\ell := \vartheta_{\ell,1} \vee \ldots \vee \vartheta_{\ell,n_\ell}$ that is logically equivalent to $\exists x_{s-\ell+1} \vartheta_{\ell-1}$. Let $\psi_\ell := \exists x_1 \ldots \exists x_{s-\ell} \vartheta_\ell$.
We now prove the upper bounds on the parameters of $\psi$. Let $n_0 := 1$ and $\vartheta_{0,1} := \vartheta_0$. It is straightforward to prove by induction over $0 \leq \ell \leq s$:

(i) There are indices $1 \leq i_1, \ldots, i_k \leq n_\ell$ such that

\[ T(\psi_\ell) = T(\vartheta_{\ell,i_1}) \cup \cdots \cup T(\vartheta_{\ell,i_k}), \]

where $k \leq |T_+(\varphi)|^\ell$.

(ii) There are indices $1 \leq i_1, \ldots, i_k \leq n_\ell$ such that

\[ D(\psi_\ell) = D(\vartheta_{\ell,i_1}) \cup \cdots \cup D(\vartheta_{\ell,i_k}), \]

where $k \leq (|T_+(\varphi)| + 1)^\ell$.

The upper bounds on $|T(\psi) \setminus T_-(\varphi)|$ and $|D(\psi) \setminus D_-(\varphi)|$ follow immediately from (i) and (ii), respectively, since $|T(\vartheta_{\ell,i}) \setminus T_-(\varphi)| \leq |T_+(\varphi)|$ and $|D(\vartheta_{\ell,i}) \setminus D_-(\varphi)| \leq |D_+(\varphi)| + \ell$, for every $0 \leq \ell \leq s$ and $1 \leq i \leq n_\ell$.

We establish upper bounds on $\max_{\mathrm{coef}}(\psi)$, $\max_{\mathrm{div}}(\psi)$, and $\max_{\mathrm{const}}(\psi)$: We prove by induction over $\ell$ that

\[ \max_{\mathrm{coef}}(\psi_\ell), \max_{\mathrm{div}}(\psi_\ell) \leq a^{2^{2\ell}} \qquad \text{and} \qquad \max_{\mathrm{const}}(\psi_\ell) \leq b \, a^{2^{2\ell}(|T_+(\varphi)| + |D_+(\varphi)| + \ell)}. \]

For $\ell = 0$, these upper bounds are obviously true. Assume that $\ell > 0$. For $1 \leq i \leq n_{\ell-1}$, we examine the formula produced by the quantifier elimination method applied to $\exists x_{s-\ell+1} \vartheta_{\ell-1,i}$. Note that Step 1 of the quantifier elimination method does not alter the absolute values of the coefficients and constants, and the $d$s in the divisibility predicates because of our preprocessing step by rewriting to $\vartheta_0$. It suffices to look at the substitutions $\alpha[t + c + j / k \cdot x]$ carried out in Step 2, where $\alpha$ is an atomic formula in $\vartheta_{\ell-1,i}$, $t + c < k \cdot x$ is an inequation of type (B) in $\vartheta_{\ell-1,i}$, and $1 \leq j \leq \mathrm{lcm}(x_{s-\ell+1}, \vartheta_{\ell-1,i})$.

— Assume that $\alpha = d \mid t$, for some $d \geq 1$ and some term $t$. By the induction hypothesis, we have that

\[ kd \leq a^{2^{2(\ell-1)}} \cdot a^{2^{2(\ell-1)}} = a^{2^{2\ell-1}} \leq a^{2^{2\ell}}. \]

It follows that $\max_{\mathrm{div}}(\psi_\ell) \leq a^{2^{2\ell}}$.

— Assume that $\alpha = k' \cdot x < t'$ or $\alpha = t' < k' \cdot x$, for some $k' > 0$ and some term $t'$. By the induction hypothesis, we have that $k$, $k'$, and the absolute values of the coefficients occurring in $t$ and $t'$ are smaller than $a^{2^{2(\ell-1)}}$. It follows that the absolute values of the coefficients in the normalized inequations of $k' \cdot (t + c + j) < k \cdot t'$ and $k \cdot t' < k' \cdot (t + c + j)$ are smaller than

\[ a^{2^{2(\ell-1)}} \cdot a^{2^{2(\ell-1)}} + a^{2^{2(\ell-1)}} \cdot a^{2^{2(\ell-1)}} = 2a^{2^{2\ell-1}} \leq a^{2^{2\ell}}. \]

Hence, $\max_{\mathrm{coef}}(\psi_\ell) \leq a^{2^{2\ell}}$.

The absolute values of the constants in the normalized inequations $k' \cdot (t + c + j) < k \cdot t'$ and $k \cdot t' < k' \cdot (t + c + j)$ are bounded by

\[ \max_{\mathrm{coef}}(\psi_{\ell-1}) \cdot \big(\max_{\mathrm{const}}(\psi_{\ell-1}) + \mathrm{lcm}(x_{s-\ell+1}, \vartheta_{\ell-1,i})\big) + \max_{\mathrm{coef}}(\psi_{\ell-1}) \cdot \max_{\mathrm{const}}(\psi_{\ell-1}), \]

which rewrites to

\[ \max_{\mathrm{coef}}(\psi_{\ell-1}) \cdot \big(2 \max_{\mathrm{const}}(\psi_{\ell-1}) + \mathrm{lcm}(x_{s-\ell+1}, \vartheta_{\ell-1,i})\big). \tag{10} \]

An upper bound on $\mathrm{lcm}(x_{s-\ell+1}, \vartheta_{\ell-1,i})$ is

\[ \big(a^{2^{2(\ell-1)}}\big)^{|T_+(\varphi)| + |D_+(\varphi)| + \ell - 1} = a^{2^{2(\ell-1)} \cdot (|T_+(\varphi)| + |D_+(\varphi)| + \ell - 1)}, \]

since we determine the least common multiple of at most $|T_+(\varphi)| + |D_+(\varphi)| + \ell - 1$ numbers and all these numbers are bounded by $a^{2^{2(\ell-1)}}$. By the induction hypothesis, we have that $|c|$ and the absolute value of the constant in $t'$ are smaller than $b \, a^{2^{2(\ell-1)}(|T_+(\varphi)| + |D_+(\varphi)| + \ell - 1)}$. Therefore, (10) is smaller than

\[ a^{2^{2(\ell-1)}} \big( 2b \, a^{2^{2(\ell-1)}(|T_+(\varphi)| + |D_+(\varphi)| + \ell - 1)} + a^{2^{2(\ell-1)}(|T_+(\varphi)| + |D_+(\varphi)| + \ell - 1)} \big) \leq 2b \, a^{2^{2\ell}(|T_+(\varphi)| + |D_+(\varphi)| + \ell - 1)} \leq b \, a^{2^{2\ell}(|T_+(\varphi)| + |D_+(\varphi)| + \ell)}. \]

It follows that $\max_{\mathrm{const}}(\psi_\ell) \leq b \, a^{2^{2\ell}(|T_+(\varphi)| + |D_+(\varphi)| + \ell)}$. $\square$

By iteratively applying Lemma 4.3 we obtain the following upper bounds for formulas in prenex normal form.

Lemma 4.4. For every $\varphi \in \mathrm{PA}$ of the form $Q_1 x_1 \ldots Q_r x_r \varphi_0$ with $\varphi_0 \in \mathrm{QF}$ there is a logically equivalent $\psi \in \mathrm{QF}$ such that

\[ |T(\psi)| \leq T^{(\ell+1)^{\mathrm{qa}(\varphi)}} \qquad \text{and} \qquad |D(\psi)| \leq D \, T^{(\ell+1)^{\mathrm{qa}(\varphi)+2}}, \]

where $T = \max\{2, |T(\varphi)|\}$, $D = \max\{1, |D(\varphi)|\}$, and $\ell$ is the maximal length of a quantifier block in $\varphi$. Furthermore, it holds that

\[ \max_{\mathrm{coef}}(\psi) \leq a^{2^{2\,\mathrm{qn}(\varphi)}}, \qquad \max_{\mathrm{div}}(\psi) \leq a^{2^{2\,\mathrm{qn}(\varphi)}}, \qquad \max_{\mathrm{const}}(\psi) \leq b \, a^{2^{3\,\mathrm{qn}(\varphi)} D T^{(\ell+1)^{\mathrm{qa}(\varphi)+2}}}, \]

where $a \geq \max\{2, \max_{\mathrm{coef}}(\varphi), \max_{\mathrm{div}}(\varphi)\}$ and $b \geq \max\{2, \max_{\mathrm{const}}(\varphi)\}$.

Proof. We construct the quantifier-free formula $\psi$ by successively eliminating the quantifier blocks in $\varphi$, starting from the innermost block. Assume that after the $k$th step, where $0 \leq k < \mathrm{qa}(\varphi)$, we have produced the formula

\[ Q_1 x_1 \ldots Q_i x_i \, Q x_{i+1} \ldots Q x_j \, \psi_k, \]

where $1 \leq i < j \leq r$, $Q_1, \ldots, Q_i, Q \in \{\exists, \forall\}$ with $Q_i \neq Q$, and $\psi_k \in \mathrm{QF}$. Let $\psi_{k+1} \in \mathrm{QF}$ be the formula from Lemma 4.3 that is logically equivalent to $\varphi_k := Q x_{i+1} \ldots Q x_j \psi_k$. We define $\psi := \psi_{\mathrm{qa}(\varphi)}$.

For $1 \leq i \leq \mathrm{qa}(\varphi)$, let $\ell_i$ be the length of the $i$th quantifier block. We prove by induction over $0 \leq k \leq \mathrm{qa}(\varphi)$ that

\[ |T(\psi_k)| \leq T^{(\ell+1)^k} \qquad \text{and} \qquad |D(\psi_k)| \leq D \, T^{(\ell+1)^{k+2}}, \]
\[ \max_{\mathrm{coef}}(\psi_k) \leq a^{2^{2(\ell_1 + \cdots + \ell_k)}} \qquad \text{and} \qquad \max_{\mathrm{div}}(\psi_k) \leq a^{2^{2(\ell_1 + \cdots + \ell_k)}}, \]

and

\[ \max_{\mathrm{const}}(\psi_k) \leq b \, a^{2^{3(\ell_1 + \cdots + \ell_k)} D T^{(\ell+1)^{k+2}}}. \]

The base cases for $k = 0$ are trivial. For the step cases, let $k > 0$.

1. By Lemma 4.3, we have that

\[ |T(\psi_k) \setminus T_-(\varphi_{k-1})| \leq |T_+(\varphi_{k-1})|^{\ell+1} \leq |T(\psi_{k-1})|^{\ell+1} \leq \big(T^{(\ell+1)^{k-1}}\big)^{\ell+1} = T^{(\ell+1)^k} \]

and

\[ |D(\psi_k) \setminus D_-(\varphi_{k-1})| \leq (|T_+(\varphi_{k-1})| + 1)^\ell \cdot (|D_+(\varphi_{k-1})| + \ell) \leq (|T(\psi_{k-1})| + 1)^\ell \cdot (|D(\psi_{k-1})| + \ell) \leq \big(T^{(\ell+1)^{k-1}} + 1\big)^\ell \cdot \big(D T^{(\ell+1)^{k+1}} + \ell\big) \leq 2^{\ell+1} D T^{(\ell+1)^k + (\ell+1)^{k+1}} \leq D T^{(\ell+1) + (\ell+1)^k + (\ell+1)^{k+1}} \leq D T^{(\ell+1)^{k+2}}. \]

Note that $T \geq 2$ and $D \geq 1$.

2. By Lemma 4.3, we have that

\[ \max_{\mathrm{coef}}(\psi_k) \leq \big(\max\{2, \max_{\mathrm{coef}}(\psi_{k-1})\}\big)^{2^{2\ell_k}} \overset{\mathrm{IH}}{\leq} \big(a^{2^{2(\ell_1 + \cdots + \ell_{k-1})}}\big)^{2^{2\ell_k}} = a^{2^{2(\ell_1 + \cdots + \ell_k)}}. \]

Analogously, we obtain the upper bound for $\max_{\mathrm{div}}(\psi_k)$.

3. By Lemma 4.3, we have that

\[ \max_{\mathrm{const}}(\psi_k) \leq \max\{2, \max_{\mathrm{const}}(\psi_{k-1})\} \cdot \big(a^{2^{2(\ell_1 + \cdots + \ell_{k-1})}}\big)^{2^{2\ell_k}(|T_+(\varphi_{k-1})| + |D_+(\varphi_{k-1})| + \ell_k)} \]
\[ \leq \max\{2, \max_{\mathrm{const}}(\psi_{k-1})\} \cdot a^{2^{2(\ell_1 + \cdots + \ell_k)} \, (T^{(\ell+1)^{k-1}} + D T^{(\ell+1)^{k+1}} + \ell_k)} \]
\[ \leq \max\{2, \max_{\mathrm{const}}(\psi_{k-1})\} \cdot a^{2^{2(\ell_1 + \cdots + \ell_k)} D T^{(\ell+1)^{k+2}}} \]
\[ \overset{\mathrm{IH}}{\leq} b \, a^{2^{3(\ell_1 + \cdots + \ell_{k-1})} D T^{(\ell+1)^{k+1}}} \cdot a^{2^{2(\ell_1 + \cdots + \ell_k)} D T^{(\ell+1)^{k+2}}} \]
\[ \leq b \, a^{(2^{3(\ell_1 + \cdots + \ell_{k-1})} + 2^{2(\ell_1 + \cdots + \ell_k)}) D T^{(\ell+1)^{k+2}}} \leq b \, a^{2^{3(\ell_1 + \cdots + \ell_k)} D T^{(\ell+1)^{k+2}}}. \qquad \square \]

Before we generalize Lemma 4.4 to arbitrary formulas, we want to point out 
that transforming a formula first into prenex normal form and then eliminating the 
quantifiers is not a good thing to do. The formula size can increase because of the 
following reasons. 



, Vol. V, No. N, Month 20YY. 



Bounds on the Automata Size for Presburger Arithmetic • 23 



First, a transformation into prenex normal form can increase the number of quantifier alternations. For instance, any transformation of $(\forall x \varphi) \wedge (\exists y \psi)$ into prenex normal form will introduce at least one additional alternation of quantifiers.

Second, when transforming a formula into prenex normal form we have to introduce fresh variables when pushing quantifiers to the front. As an example, consider the formula in prenex normal form

\[ \exists z_{n-1} \ldots \exists z_2 \exists z_1 \big( x = z_{n-1} + z_{n-1} \wedge z_{n-1} = z_{n-2} + z_{n-2} \wedge \ldots \wedge z_2 = z_1 + z_1 \wedge z_1 = y + y \big), \]

for some $n > 1$. It consists of $n$ distinct equations. A logically equivalent formula that consists of at most $4$ distinct equations is

\[ \exists z \big( x = z + z \wedge \exists z' ( z = z' + z' \wedge \exists z ( z' = z + z \wedge \ldots \wedge \exists z' ( z = z' + z' \wedge \exists z ( z' = z + z \wedge z = y + y ) ) \cdots ) \big). \]

Furthermore, the formula length decreases by a factor of $O(\log n)$ since we use a fixed number of variables, i.e., we use $x, y, z, z'$ instead of $x, y, z_1, \ldots, z_{n-1}$.

The third reason why a transformation into prenex normal form is not a good idea is illustrated by the formula $(\forall x \varphi) \leftrightarrow \psi$. Quantifiers do in general not distribute over $\rightarrow$ and $\leftrightarrow$. Therefore, we eliminate the connective $\leftrightarrow$ and obtain $((\forall x \varphi) \rightarrow \psi) \wedge (\psi \rightarrow \forall x \varphi)$. Eliminating $\rightarrow$ yields $((\neg \forall x \varphi) \vee \psi) \wedge (\neg \psi \vee \forall x \varphi)$. To move the quantifiers to the front, we have to push the first negation inward. Finally, we obtain $\exists x \forall x' ((\neg \varphi \vee \psi) \wedge (\neg \psi \vee \varphi[x'/x]))$ assuming that $x$ does not occur free in $\psi$, and $x'$ does not occur free in $\varphi$ and $\psi$. We have not only doubled the length of the formula but we have also doubled the number of quantifiers. We want to eliminate quantifiers and have ended up doubling our work.

In analogy to the maximum of the lengths of the quantifier blocks of a formula in prenex normal form, we define the quantifier block length of the formula $\varphi$ as

\[ \mathrm{qbl}(\varphi) := \max\{\mathrm{qbl}_Q(\psi) : Q \in \{\exists, \forall\} \text{ and } \psi \text{ is a subformula of } \varphi\}, \]

where, for $Q \in \{\exists, \forall\}$,

\[ \mathrm{qbl}_Q(\psi) := \begin{cases} \mathrm{qbl}_{Q'}(\psi') & \text{if } \psi = \neg\psi' \text{ and } Q' \in \{\exists, \forall\} \setminus \{Q\}, \\ \mathrm{qbl}_Q(\psi_1) + \mathrm{qbl}_Q(\psi_2) & \text{if } \psi = \psi_1 \oplus \psi_2 \text{ with } \oplus \in \{\wedge, \vee\}, \\ \mathrm{qbl}_Q(\neg\psi_1 \vee \psi_2) & \text{if } \psi = \psi_1 \rightarrow \psi_2, \\ \mathrm{qbl}_Q((\psi_1 \rightarrow \psi_2) \wedge (\psi_2 \rightarrow \psi_1)) & \text{if } \psi = \psi_1 \leftrightarrow \psi_2, \\ 1 + \mathrm{qbl}_Q(\psi') & \text{if } \psi = Qx\psi', \\ 0 & \text{otherwise.} \end{cases} \]

Theorem 4.5. For every $\varphi \in \mathrm{PA}$ of length $n$, there is a logically equivalent $\psi \in \mathrm{QF}$ such that

\[ |T(\psi)| \leq n^{(\mathrm{qbl}(\varphi)+1)^{\mathrm{qa}(\varphi)}} \qquad \text{and} \qquad |D(\psi)| \leq n^{1 + (\mathrm{qbl}(\varphi)+1)^{\mathrm{qa}(\varphi)+2}}, \]
\[ \max_{\mathrm{coef}}(\psi) \leq a^{2^{2\,\mathrm{qn}(\varphi)}} \qquad \text{and} \qquad \max_{\mathrm{div}}(\psi) \leq a^{2^{2\,\mathrm{qn}(\varphi)}}, \]

and

\[ \max_{\mathrm{const}}(\psi) \leq b \, a^{2^{3\,\mathrm{qn}(\varphi)} n^{1 + (\mathrm{qbl}(\varphi)+1)^{\mathrm{qa}(\varphi)+2}}}, \]

where $a \geq \max\{2, \max_{\mathrm{coef}}(\varphi), \max_{\mathrm{div}}(\varphi)\}$ and $b \geq \max\{2, \max_{\mathrm{const}}(\varphi)\}$.

Proof. We require that variables are not reused in $\varphi$, i.e., the set of free variables of $\varphi$ is disjoint from the set of bound variables and the bound variables are pairwise distinct. Note that this can be achieved by replacing quantified variables by fresh variables. Such a variable renaming can increase the number of distinct atomic formulas. However, the number of atomic formulas after such a renaming is still less than or equal to the length of the original formula. Note that $n \geq \max\{2, |T(\varphi)|, |D(\varphi)|\}$.

We construct the formula $\psi \in \mathrm{QF}$ in $\mathrm{qa}(\varphi)$ steps. Let $\varphi_0 := \varphi$. Let $0 < k \leq \mathrm{qa}(\varphi)$ and assume that after the $(k-1)$st step we have produced the formula $\varphi_{k-1}$. Let $\Phi$ be the set of maximal subformulas $\vartheta$ of $\varphi_{k-1}$ with $\mathrm{qa}(\vartheta) \leq 1$ and where variables are either only existentially quantified or only universally quantified. We can assume without loss of generality that every formula in $\Phi$ is in prenex normal form and that $\Phi = \{\vartheta_1, \ldots, \vartheta_m\}$. For $1 \leq i \leq m$, let $\xi_i \in \mathrm{QF}$ be the logically equivalent formula to $\vartheta_i$ from Lemma 4.3. We replace in $\varphi_{k-1}$ every $\vartheta_i$ by $\xi_i$. We obtain the formula $\varphi_k$ that is logically equivalent to $\varphi$ and $\mathrm{qa}(\varphi_k) = \mathrm{qa}(\varphi) - k$. For $k = \mathrm{qa}(\varphi)$, we define $\psi := \varphi_k$.

For the formula $\varphi_k$, we have that

\[ T(\varphi_k) \subseteq \Big( T(\varphi_{k-1}) \setminus \bigcup_{1 \leq i \leq m} T_+(\vartheta_i) \Big) \cup \bigcup_{1 \leq i \leq m} \big( T(\xi_i) \setminus T_-(\vartheta_i) \big). \]

Since variables are not reused in $\varphi$, it follows that

\[ |T(\varphi_k)| \leq |T(\varphi_{k-1})| - \sum_{1 \leq i \leq m} |T_+(\vartheta_i)| + \sum_{1 \leq i \leq m} |T_+(\vartheta_i)|^{\mathrm{qn}(\vartheta_i)+1}. \]

It is straightforward to show that the left hand side has its maximum when $m = 1$ and $|T_+(\vartheta_1)| = |T(\varphi_{k-1})|$. Analogously to the step case in the proof of Lemma 4.4 for formulas in prenex normal form, it follows that $|T(\varphi_k)| \leq n^{(\mathrm{qbl}(\varphi)+1)^k}$ under the assumption that $|T(\varphi_{k-1})| \leq n^{(\mathrm{qbl}(\varphi)+1)^{k-1}}$.

We can argue similarly for $|D(\varphi_k)|$. Similarly as in the proof of Lemma 4.4 for formulas in prenex normal form we obtain the upper bounds for $\max_{\mathrm{coef}}(\varphi_k)$, $\max_{\mathrm{div}}(\varphi_k)$, and $\max_{\mathrm{const}}(\varphi_k)$. $\square$

4.3 Main Result

We now prove our main result: The upper bound on the automata size of the minimal DWA for Presburger arithmetic formulas.

Theorem 4.6. The size of the minimal DWA for a formula $\varphi \in \mathrm{PA}$ of length $n$ is at most $2^{n^{(\mathrm{qbl}(\varphi)+1)^{\mathrm{qa}(\varphi)+4}}}$.

PROOF. Since we measure the length of integers linearly, we have that the
absolute value of every integer occurring in φ is bounded by n. It holds that

\[
n \ge \mathrm{max\_const}(\varphi),\quad n \ge \mathrm{max\_coef}(\varphi),\quad \text{and}\quad n \ge \mathrm{max\_div}(\varphi).
\]

For qn(φ) = 0, we have that the size of the minimal DWA is at most 2^n. For
every atomic formula α_i of length n_i in φ, we can build a DWA of size at most n_i
by using the constructions in §3.2 and §3.3. Applying the product construction yields
a DWA of size at most

\[
\prod_{1 \le i \le m} n_i \le 2^n,
\]

where m is the number of atomic formulas in φ.

In the following, assume that qn(φ) ≥ 1 and, therefore, we have that qa(φ) ≥ 1
and qbl(φ) ≥ 1. For the sake of readability, we define a := qa(φ) and ℓ := qbl(φ).
From Theorem 4.5 it follows that there is a logically equivalent ψ ∈ QF with

|Tty)| < and |D(^)| < n 1+ ^ a+2 . 

Upper bounds on max_coef(ψ), max_div(ψ), and max_const(ψ) are

max coef (^),max div (^) < n 2 < 2 2 log2 ™ < 2™ 

and 

max const (V>) < n i+A n < 2™ < 2™ 

Note that n>2,a£> qn(<p), and ar» = 2^ lo S2 for i > 1 and y > 0. 

Assume that there are r ≤ n free variables in φ. Since every term in ψ contains
at most the free variables of φ, the sum of the absolute values of the coefficients in
a term is bounded by n • n < 2" < 2" . With Theorem 3.12 at hand, 

we know that the size of the minimal DWA for ψ is at most

(2 + 2 • — 2 ) |TWI . maXdiv W | DW |. 

From 

( „(«+ 1 > a+1 +(«+ 1 > a+2 \ l 1 "^" „(<!+i) a + 1 +(<!+i) a + 2 +<«+i) a „(*+i) a+3 

and 

max div (^)l D (^)l < 2 « 2+2 " +( ^ 1)0+2 < 2 n^>°+^>° +2 < 2n W + * 

we conclude that the size of the minimal DWA for ψ is at most 2^{n^{(ℓ+1)^{a+4}}}. □

Theorem 4.6 does not change if we measure the length of integers logarithmically
and not linearly. The only change is that the maximal absolute integer in φ is now
smaller than 2^n. We have to adjust the bounds on max_coef(ψ), max_div(ψ), and
max_const(ψ). For instance, we still have that

\[
\mathrm{max\_coef}(\psi) \le (2^n)^{2^{2\,\mathrm{qn}(\varphi)}} = 2^{\,n \cdot 2^{2\,\mathrm{qn}(\varphi)}} \le 2^{\,n^{1 + 2\,\mathrm{qa}(\varphi)\,\mathrm{qbl}(\varphi)}}.
\]

We argue analogously for max_div(ψ) and max_const(ψ).

COROLLARY 4.7. Let PA_c be the set of PA formulas with at most c ≥ 0 quantifiers.
The size of the minimal DWA for each φ ∈ PA_c is at most 2^{n^{O(1)}}, where n is
the length of φ.

PROOF. If qn(φ) ≤ c then qa(φ) ≤ c and qbl(φ) ≤ c. Since c is fixed the claim
follows directly from Theorem 4.6. □
We want to remark that Theorem 4.6 and Corollary 4.7 only give upper bounds
on the sizes of the minimal DWAs for PA formulas. If the Boolean connectives and
the quantifiers are handled by standard automata constructions, like complementation
and subset construction, and the DWAs are minimized after every automata
construction step, it may be the case that the whole construction uses one exponent
more space. The reason is that an exponential blow-up can occur each time the subset
construction is applied. It is an open question whether the standard automata
constructions already suffice to construct a DWA in 2^{n^{(qbl(φ)+1)^{qa(φ)+4}}} space or time,
for a given φ ∈ PA of length n. It is also open if there are more efficient automata
constructions than the standard ones for constructing DWAs for PA formulas.

5. A WORST CASE EXAMPLE

We give a worst case example that shows that our upper bound on the automata size
is tight. We use the formulas Prod_n(x, y, z) defined by Fischer and Rabin [1974],
for n ≥ 0. It holds that

\[
\llbracket \mathrm{Prod}_n \rrbracket = \Bigl\{ (a, b, c) \in \mathbb{N}^3 : ab = c \text{ and } a, b, c < \prod_{\substack{p \text{ is prime and} \\ p < f(n+2)}} p \Bigr\},
\]

where f(n) := 2^{2^n}. Note that it follows from the Prime Number Theorem that

\[
\prod_{\substack{p \text{ is prime and} \\ p < f(n+2)}} p \;>\; 2^{f(n)^2} = 2^{f(n+1)}.
\]

Fischer and Rabin looked at the structure (ℕ, +) and not at ℤ, but it is straightforward
to adapt the definition of Prod_n(x, y, z) to ℤ. For n ≥ 0, the length of Prod_n
and the number of quantifier alternations are linear in n. The quantifier block length
is constant, i.e., there is a c > 0 such that for all n ≥ 0, qbl(Prod_n) = c. By

Theorem 4.6 we know that the minimal DWA for Prod„ has at most 2 states. 

Before we prove the lower bound on the automata size for the formulas Prod_n,
we need the following lemma.

Lemma 5.1. Let ℓ ≥ 1. For all z ∈ ℕ with g^{ℓ−1} ≤ z ≤ g^ℓ − 2, there are
x, y, z' ∈ [g^ℓ] such that xy = g^ℓ z + z'.

PROOF. Assume that g^{ℓ−1} ≤ z ≤ g^ℓ − 2. Let x, y ∈ [g^ℓ] with xy ≥ g^ℓ z such that
xy − g^ℓ z is minimal. Note that it is always possible to find x, y ∈ [g^ℓ] with xy ≥ g^ℓ z
since for x = y = g^ℓ − 1, we have that

\[
xy = (g^\ell - 1)^2 = g^{2\ell} - 2g^\ell + 1 > g^\ell (g^\ell - 2) \ge g^\ell z.
\]

Let z' := xy − g^ℓ z. We have to show that z' ∈ [g^ℓ]. Since xy ≥ g^ℓ z we have that
z' ≥ 0. For the sake of absurdity, assume that z' ≥ g^ℓ. It follows that

\[
(x - 1)y = xy - y = g^\ell z + z' - y \ge g^\ell z
\]

since y < g^ℓ and z' ≥ g^ℓ. This contradicts the minimality of xy − g^ℓ z since
xy > (x − 1)y ≥ g^ℓ z. □
Our proof for the lower bound on the automata size for a formula Prod_n is based
on the following lemma about the set

\[
\mathrm{MULT}_m := \{ (a, b, c) \in \mathbb{Z}^3 : a, b \in [g^m] \text{ and } ab = c \},
\]

for m ≥ 0.

Lemma 5.2. Let m ≥ 0. Every DWA representing MULT_m has at least g^m
states.

PROOF. For m = 0, the claim is trivial. In the following, assume that m > 0
and that 𝒜 = (Q, Σ^3, δ, q_I, F) is a DWA representing MULT_m. Let K be the set
of words of the form (0, 0, 0)(0, 0, b_{m−1}) … (0, 0, b_0) ∈ (Σ^3)^* with b_{m−1} ≠ 0 and
b_0 ≤ g − 2. Let w ∈ K and let z be the integer that is encoded by the third track
of w. It holds that

\[
g^{m-1} \le z \le g^m - 2.
\]

From Lemma 5.1 it follows that there are x, y, z' ∈ [g^m] such that

\[
xy = g^m z + z'.
\]

We conclude that for every prefix u of a word in K there is a word v ∈ (Σ^3)^* such
that (uv)_ℤ ∈ MULT_m.

Now, let L be the set of all prefixes of K. Let u, u' ∈ L \ {λ} with u ≠ u'.
Moreover, let v ∈ (Σ^3)^* with (uv)_ℤ ∈ MULT_m. The first and second tracks of uv
and u'v both encode the pair (x, y). The third tracks of uv and u'v are different.
It follows that (u'v)_ℤ ∉ MULT_m and hence, δ(q_I, u) ≠ δ(q_I, u'). We conclude that
the DWA 𝒜 must have a distinct state for every word in L.

In the following, we determine the cardinality of L. For 0 ≤ i ≤ m + 1, let
L_i := {w ∈ L : |w| = i}. We have that L_0 = {λ}, L_1 = {(0, 0, 0)}, L_2 =
{(0, 0, 0)b : b ∈ Σ \ {0}}, L_i = {wb : w ∈ L_{i−1} and b ∈ Σ}, for 3 ≤ i ≤ m, and
L_{m+1} = K. It holds that

\[
\begin{aligned}
|L| &= |L_0| + |L_1| + |L_2| + |L_3| + \cdots + |L_m| + |L_{m+1}| \\
    &= 1 + 1 + (g - 1) + (g - 1)g + \cdots + (g - 1)g^{m-2} + (g - 1)^2 g^{m-2} \\
    &= g^m. \qquad \square
\end{aligned}
\]
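The proof of Lemma 5.2 is a Myhill–Nerode argument: the suffix v obtained from Lemma 5.1 is accepted after u but after no other prefix u' ∈ L, so the prefixes in L are pairwise distinguishable. The following is an added example, written for this page and not taken from the paper, that replays both lemmas for a small base g and small m. It assumes a concrete encoding that the paper leaves to Section 3: letters are digit triples, words are read most significant digit first, the first letter (0, 0, 0) is a sign letter for non-negative numbers, and [g^m] denotes {0, …, g^m − 1}. All function names are ours.

```python
"""Added example (not from the paper): Lemma 5.1 and the Nerode argument of
Lemma 5.2 for small g and m.  Encoding assumptions (ours): words are tuples
of digit triples, most significant digit first, leading letter (0,0,0) is
the sign letter of a non-negative number, [g^m] = {0, ..., g^m - 1}."""
from itertools import product


def lemma_5_1(g, l, z):
    """Lemma 5.1: for g^(l-1) <= z <= g^l - 2 return (x, y, z') with
    x, y, z' in [g^l] and x*y == g^l*z + z'.  As in the proof, x and y are
    chosen so that x*y >= g^l*z and x*y - g^l*z is minimal."""
    G = g ** l
    if not (G // g <= z <= G - 2):
        raise ValueError("z outside the range of Lemma 5.1")
    best = None
    for x in range(1, G):
        y = -(-G * z // x)                 # smallest y with x*y >= G*z
        if y < G and (best is None or x * y - G * z < best[2]):
            best = (x, y, x * y - G * z)
    x, y, zp = best
    assert 0 <= zp < G                     # the lemma's conclusion: z' in [g^l]
    return x, y, zp


def digits(value, g, width):
    """Base-g digits of value, most significant first, zero-padded to width."""
    out = []
    for _ in range(width):
        out.append(value % g)
        value //= g
    return out[::-1]


def track_value(word, t, g):
    """Non-negative integer encoded by track t of word."""
    v = 0
    for letter in word:
        v = v * g + letter[t]
    return v


def decode(word, g):
    """The triple (a, b, c) encoded by the three tracks of word, i.e. (word)_Z."""
    return tuple(track_value(word, t, g) for t in range(3))


def in_mult(triple, g, m):
    """Membership in MULT_m = {(a, b, c) : a, b in [g^m] and ab = c}."""
    a, b, c = triple
    return 0 <= a < g ** m and 0 <= b < g ** m and a * b == c


def words_K(g, m):
    """K: words (0,0,0)(0,0,b_{m-1})...(0,0,b_0) with b_{m-1} != 0, b_0 <= g-2."""
    return [((0, 0, 0),) + tuple((0, 0, b) for b in bs)
            for bs in product(range(g), repeat=m)
            if bs[0] != 0 and bs[-1] <= g - 2]


def prefixes_L(g, m):
    """L: all prefixes of words in K, including the empty word."""
    return {w[:i] for w in words_K(g, m) for i in range(len(w) + 1)}


def accepting_suffix(u, g, m):
    """Suffix v with (uv)_Z in MULT_m, built as in the proof: complete u to a
    word w in K, let z be the third track of w, apply Lemma 5.1 with l = m,
    and append the m-digit encodings of x, y, z' on the three tracks."""
    w = next(w for w in words_K(g, m) if w[:len(u)] == u)
    x, y, zp = lemma_5_1(g, m, track_value(w, 2, g))
    tail = tuple(zip(digits(x, g, m), digits(y, g, m), digits(zp, g, m)))
    return w[len(u):] + tail


def count_separated_prefixes(g, m):
    """Check the Nerode argument: every non-empty u in L has a suffix v with
    uv in MULT_m, and that same v is rejected after every other u' in L.
    Returns |L \\ {lambda}|, the number of pairwise separated prefixes."""
    L = [u for u in prefixes_L(g, m) if u]
    for u in L:
        v = accepting_suffix(u, g, m)
        assert in_mult(decode(u + v, g), g, m)
        for u2 in L:
            if u2 != u:
                assert not in_mult(decode(u2 + v, g), g, m)
    return len(L)


if __name__ == "__main__":
    for g, m in [(2, 3), (3, 2), (4, 2)]:
        print(g, m, count_separated_prefixes(g, m))
```

The check in `count_separated_prefixes` is exactly the reason a DWA needs a distinct state per prefix: if δ(q_I, u) = δ(q_I, u'), then uv and u'v would be accepted or rejected together, which the assertions rule out.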

Theorem 5.3. Let n ≥ 0. The size of every DWA representing ⟦Prod_n⟧ is at
least

\[
2^{\left\lfloor \frac{f(n+1)}{2 \log_2 g} \right\rfloor}.
\]

PROOF. Assume that for n ≥ 0, there is a DWA 𝔅 with less than 2^{⌊f(n+1)/(2 log_2 g)⌋} states
representing the set ⟦Prod_n⟧. Let m := ⌊f(n+1)/(2 log_2 g)⌋. It holds that MULT_m ⊆ ⟦Prod_n⟧
since (g^m − 1)^2 < g^{2m} = 2^{2m log_2 g} ≤ 2^{f(n+1)}. It is straightforward to construct from
𝔅 a DWA representing the set MULT_m that has as many states as 𝔅 by making
some of the accepting states in 𝔅 non-accepting. This contradicts Lemma 5.2. □

Remark 5.4. We make the following remarks on nondeterministic word automata
and alternating word automata [Brzozowski and Leiss 1980; Chandra et al. 1981].

(i) The proof of Theorem 5.3 carries over to nondeterministic word automata.
That means that we obtain the same lower bound for nondeterministic word
automata as for DWAs, although nondeterministic word automata can sometimes
be exponentially more succinct than DWAs.
(ii) The number of states of every alternating word automaton for the
formula Prod_n is at least ⌊f(n+1)/(2 log_2 g)⌋. This lower bound follows by contradiction
from remark (i) above and the fact that an alternating word automaton
can be translated to an equivalent nondeterministic word automaton with
exponentially more states.

6. CONCLUSION

We analyzed the automata-theoretic approach for deciding Presburger arithmetic
and established a tight upper bound on the automata size. Moreover, we improved
the automata constructions in [Boigelot 1999; Wolper and Boigelot 2000; Ganesh
et al. 2002] for equations and inequations and proved that our automata constructions
are optimal.

The main technique to prove the upper bound on the automata size was to
relate deterministic word automata with the formulas constructed by a quantifier
elimination method. This technique can also be used to prove upper bounds on
the sizes of minimal automata for other logics that admit quantifier elimination
and where the structures are automata representable [Khoussainov and Nerode
1995; Blumensath and Grädel 2000; Rubin 2004], i.e., these structures are provided
with automata for deciding equality on the domain and the atomic relations of the
structure. Prominent examples are the mixed first-order theory over the structure
(ℝ, ℤ, <, +) [Boigelot et al. 2001; Weispfenning 1999] and the first-order theory of
queues [Rybina and Voronkov 2001; 2003].